Cross-Site Scripting Vulnerability in Jetpack Plugin for WordPress
CVE-2015-9359
6.1MEDIUM
What is CVE-2015-9359?
A cross-site scripting vulnerability exists in the Jetpack plugin for WordPress due to improper sanitization of user input in functions add_query_arg() and remove_query_arg(). This flaw can potentially allow attackers to inject malicious scripts into web pages viewed by unsuspecting users, leading to unauthorized actions and data exposure. Users of the Jetpack plugin should ensure they are using version 3.4.3 or later to mitigate this risk.