PT-2019-7253 · WordPress · All-In-One-Wp-Security-And-Firewall

Published: 2019-08-13 · Updated: 2019-08-16 · CVE-2015-9294

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: all-in-one-wp-security-and-firewall plugin versions prior to 3.9.5

Description: The issue is a cross-site scripting (XSS) problem in the plugin's add_query_arg and remove_query_arg function instances. It could allow attackers to inject malicious scripts into websites that use the all-in-one-wp-security-and-firewall plugin for WordPress.

Recommendations: For versions prior to 3.9.5, update to version 3.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the add_query_arg and remove_query_arg functions until the update is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2015-9294

Affected Products

All-In-One-Wp-Security-And-Firewall