CVE-2015-4065

Name of the Vulnerable Software and Affected Versions Landing Pages plugin versions prior to 1.8.5

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML. The injection can be done via the post parameter to the "/wp-admin/post-new.php" API endpoint.

Recommendations For versions prior to 1.8.5, update to version 1.8.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/wp-admin/post-new.php" endpoint to minimize the risk of exploitation. Avoid using the post parameter in the affected endpoint until the issue is resolved.