Multiple Cross-Site Scripting Vulnerabilities in WonderPlugin Audio Player for WordPress
CVE-2015-2218

Currently unrated

Key Information:

Vendor

Wordpress
Status
Wonderplugin Audio Player
Vendor
CVE Published:
5 March 2015

What is CVE-2015-2218?

The WonderPlugin Audio Player for WordPress is vulnerable to multiple cross-site scripting (XSS) attacks due to improper validation of user inputs in the wp_ajax_save_item function. Attackers can exploit this vulnerability by injecting arbitrary web scripts or HTML through the 'item[name]' and 'item[customcss]' parameters during a wonderplugin_audio_save_item action. Additionally, the 'itemid' parameter in the wonderplugin_audio_show_item and wonderplugin_audio_edit_item pages is also susceptible. This can lead to unauthorized actions or data exposure when users visit compromised links.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://security.szurek.pl/wonderplugin-audio-player-20-bl...
x_refsource_MISC
http://osvdb.org/show/osvdb/118511
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/74851
vdb-entryx_refsource_BID

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.