Cross-Site Scripting Vulnerabilities in ResAds Plugin by WordPress
CVE-2015-7667
6.1MEDIUM
Summary
The ResAds plugin for WordPress has multiple cross-site scripting vulnerabilities that can be exploited by remote attackers. Specifically, via the 'page' parameter in the admanagement and adspot templates, attackers can inject arbitrary web scripts or HTML. This flaw allows malicious actors to manipulate web content, potentially leading to significant risks for site users and administrators.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved