Cross-Site Scripting in SoundCloud is Gold Plugin for WordPress
CVE-2015-9420
6.1MEDIUM
What is CVE-2015-9420?
The SoundCloud is Gold plugin prior to version 2.3.2 for WordPress is prone to a Cross-Site Scripting (XSS) vulnerability. This flaw arises due to improper input validation in the wp-admin/admin-ajax.php file when handling the 'action=get_soundcloud_player' id parameter. An attacker can exploit this vulnerability to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions or data theft.