CVE-2015-9422

Name of the Vulnerable Software and Affected Versions PlugNedit Adaptive Editor plugin versions prior to 6.2.0 for WordPress

Description The issue concerns a CSRF with resultant XSS. It is exploited via the "wp-admin/admin-ajax.php?action=simple fields field type post dialog load" endpoint, using parameters such as plugnedit width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "wp-admin/admin-ajax.php?action=simple fields field type post dialog load" endpoint to minimize the risk of exploitation. Avoid using the plugnedit width, pnemedcount, PlugneditBGColor, PlugneditEditorMargin, or plugneditcontent parameters in the affected endpoint until the issue is resolved.