Cross-Site Scripting in SoundCloud is Gold Plugin for WordPress
CVE-2015-9420

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Soundcloud Is Gold
Vendor
CVE Published:
26 September 2019

What is CVE-2015-9420?

The SoundCloud is Gold plugin prior to version 2.3.2 for WordPress is prone to a Cross-Site Scripting (XSS) vulnerability. This flaw arises due to improper input validation in the wp-admin/admin-ajax.php file when handling the 'action=get_soundcloud_player' id parameter. An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft.

References

https://wpvulndb.com/vulnerabilities/8306
x_refsource_MISC
https://wordpress.org/plugins/soundcloud-is-gold/#developers
x_refsource_MISC
http://cinu.pl/research/wp-plugins/mail_9acbc3ef2dd43bfb7...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.