XSS Vulnerability in PlugNedit Adaptive Editor for WordPress
CVE-2015-9423

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Plugnedit
Vendor
CVE Published:
26 September 2019

What is CVE-2015-9423?

The PlugNedit Adaptive Editor plugin for WordPress is susceptible to Cross-Site Scripting (XSS). This vulnerability can be exploited through the wp-admin/admin-ajax.php endpoint by sending crafted requests with specific parameters, potentially allowing attackers to execute arbitrary JavaScript in a user's browser. Sites running versions prior to 6.2.0 of the plugin should be updated promptly to mitigate exposure to this security issue. Administrators are advised to review changes made to the plugin and ensure that all user inputs are properly sanitized.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://wpvulndb.com/vulnerabilities/8331
x_refsource_MISC
https://wordpress.org/plugins/plugnedit/#developers
x_refsource_MISC
http://cinu.pl/research/wp-plugins/mail_b5405e735cb605b2f...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.