Cross-Site Scripting Vulnerability in Gocodes Plugin for WordPress
CVE-2015-9397
5.4MEDIUM
What is CVE-2015-9397?
The Gocodes Plugin for WordPress, specifically versions up to 1.3.5, contains a Cross-Site Scripting (XSS) vulnerability caused by improper validation in the wp-admin/tools.php file. This flaw allows malicious users to execute arbitrary JavaScript code in the context of the victim's browser session, potentially leading to unauthorized actions such as data theft and session hijacking.