PT-2023-10272 · WordPress · Mark User As Spammer Plugin
Published 2023-03-06 · Updated 2024-05-17
CVE-2015-10093
CVSS v2.0: 2.1 (Low)
Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Mark User as Spammer Plugin versions 1.0.0 through 1.0.1
Description
A vulnerability was found in the Mark User as Spammer Plugin. It affects the user row actions function of the file plugin/plugin.php. The manipulation of the url argument leads to cross-site scripting. The attack can be launched remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult.
Recommendations
For Mark User as Spammer Plugin versions 1.0.0 through 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting access to the user row actions function until the update is applied. Avoid using the url argument in the affected function to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Mark User As Spammer Plugin