Cross Site Scripting Vulnerability in WP-Spreadplugin
CVE-2015-10132

3.5LOW

Key Information:

Vendor
Wordpress
Status
WP-spreadplugin
Vendor
CVE Published:
21 April 2024

Summary

A cross site scripting vulnerability was identified within the WP-Spreadplugin for WordPress, specifically in the 'spreadplugin.php' file. The issue arises from improper handling of the 'Spreadplugin' argument, enabling attackers to execute scripts in the context of the user's session. This vulnerability can be exploited remotely, potentially compromising the security of WordPress sites that utilize affected versions of the plugin. It is crucial for users of the WP-Spreadplugin to upgrade to version 3.8.6.6, which includes a patch designated to rectify this issue, enhancing the overall security posture of their WordPress installations.

Affected Version(s)

WP-Spreadplugin 3.8.6.0

WP-Spreadplugin 3.8.6.1

References

https://vuldb.com/?id.261676
vdb-entrytechnical-description
https://vuldb.com/?ctiid.261676
signaturepermissions-required
https://github.com/wp-plugins/wp-spreadplugin/commit/a9b9...
patch

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
.