PT-2023-10289 · Ruddernation · Tinychat Room Spy Plugin
Published: 2023-06-01 · Updated: 2024-05-17
CVE-2015-10110
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ruddernation TinyChat Room Spy Plugin versions up to 1.2.8
Description
A vulnerability classified as problematic was found in the ruddernation TinyChat Room Spy Plugin on WordPress. The issue affects the wp_show_room_spy function in the file room-spy.php. Manipulating the room argument leads to cross-site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 addresses this issue.
Recommendations
For versions up to 1.2.8, upgrade to version 1.2.9 to address the issue.
As a temporary workaround, consider disabling the wp_show_room_spy function until the patch is applied.
Restrict access to the room-spy.php file to minimize the risk of exploitation.
Avoid using the room argument in the affected function until the issue is resolved.
Fix
XSS
Affected Products
Tinychat Room Spy Plugin