Multiple Cross-Site Scripting Vulnerabilities in Google Analyticator Plugin for WordPress
CVE-2015-6238

Currently unrated

Key Information:

Vendor

Wordpress
Status
Google Analyticator
Vendor
CVE Published:
21 September 2015

What is CVE-2015-6238?

The Google Analyticator plugin for WordPress is susceptible to multiple cross-site scripting vulnerabilities, allowing remote attackers to inject arbitrary web scripts or HTML into the application. These vulnerabilities can be exploited by manipulating parameters such as ga_adsense, ga_admin_disable_DimentionIndex, ga_downloads_prefix, ga_downloads, or ga_outbound_prefix in the google-analyticator page accessed via wp-admin/admin.php. Successful exploitation can lead to unauthorized access to sensitive user information or enable the execution of malicious scripts in the context of user sessions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wpvulndb.com/vulnerabilities/8159
x_refsource_MISC
https://wordpress.org/plugins/google-analyticator/changelog/
x_refsource_CONFIRM
https://www.netsparker.com/cve-2015-6238-multiple-xss-vul...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.