PT-2015-5656 · WordPress · Wp Media Cleaner
Published
2015-03-03
·
Updated
2018-10-09
·
CVE-2015-2195
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
WP Media Cleaner plugin version 2.2.6
Description
The issue allows remote attackers to inject arbitrary web script or HTML via the
view, paged, or s parameter in the "wp-media-cleaner" page to "wp-admin/upload.php". This can lead to cross-site scripting (XSS) attacks.Recommendations
For WP Media Cleaner plugin version 2.2.6, consider disabling access to the vulnerable parameters
view, paged, and s in the "wp-media-cleaner" page until a patch is available. Restrict access to the wp-admin/upload.php page to minimize the risk of exploitation.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Media Cleaner