Cross-Site Scripting Vulnerability in Crazy-Bone Plugin for WordPress
CVE-2015-9430

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Crazy Bone
Vendor
CVE Published:
26 September 2019

Summary

The Crazy-Bone plugin for WordPress, prior to version 0.6.0, contains a cross-site scripting (XSS) vulnerability that arises from insufficient input validation of the User-Agent HTTP header. This flaw could be exploited by an attacker to inject malicious scripts, potentially compromising the effectiveness of web security measures and allowing unauthorized access or data manipulation on affected WordPress sites.

References

https://wpvulndb.com/vulnerabilities/8281
x_refsource_MISC
https://wordpress.org/plugins/crazy-bone/#developers
x_refsource_MISC
http://cinu.pl/research/wp-plugins/mail_e22c10161b1e2e4e5...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.