Cross-Site Scripting Vulnerability in Easing Slider Plugin by WordPress
CVE-2015-1436

Currently unrated

Key Information:

Vendor: Wordpress
Status: Easing Slider
Vendor: CVE Published:; 16 February 2015

Summary

The Easing Slider plugin for WordPress is susceptible to a cross-site scripting (XSS) vulnerability, allowing attackers to inject arbitrary web scripts or HTML. This exploit can occur through the 'edit' parameter in the 'easingslider_manage_customizations' and 'easingslider_edit_sliders' pages accessed via the WordPress admin dashboard. Users of versions prior to 2.2.0.7 are at risk and should upgrade to ensure their security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100861

vdb-entryx_refsource_XF

http://packetstormsecurity.com/files/130355/WordPress-Eas...

x_refsource_MISC

https://wordpress.org/plugins/easing-slider/changelog/

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 16, 2015
Vulnerability Reserved
Jan 31, 2015