CVE-2015-9423

Name of the Vulnerable Software and Affected Versions PlugNedit Adaptive Editor plugin versions prior to 6.2.0

Description The issue concerns a cross-site scripting (XSS) problem. It affects the wp-admin/admin-ajax.php endpoint, specifically when the action parameter is set to "simple fields field type post dialog load". The vulnerable parameters include PlugneditBGColor, PlugneditEditorMargin, plugnedit width, pnemedcount, and plugneditcontent.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "simple fields field type post dialog load" action in the wp-admin/admin-ajax.php endpoint until the update is applied. Avoid using the vulnerable parameters in the affected endpoint until the issue is resolved.