XSS Vulnerability in PlugNedit Adaptive Editor for WordPress
CVE-2015-9423

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Plugnedit
Vendor
CVE Published:
26 September 2019

What is CVE-2015-9423?

The PlugNedit Adaptive Editor plugin for WordPress is susceptible to Cross-Site Scripting (XSS). This vulnerability can be exploited through the wp-admin/admin-ajax.php endpoint by sending crafted requests with specific parameters, potentially allowing attackers to execute arbitrary JavaScript in a user's browser. Sites running versions prior to 6.2.0 of the plugin should be updated promptly to mitigate exposure to this security issue. Administrators are advised to review changes made to the plugin and ensure that all user inputs are properly sanitized.

References

https://wpvulndb.com/vulnerabilities/8331
x_refsource_MISC
https://wordpress.org/plugins/plugnedit/#developers
x_refsource_MISC
http://cinu.pl/research/wp-plugins/mail_b5405e735cb605b2f...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.