Reflected XSS Vulnerability in Simplified Content Plugin by WordPress
CVE-2016-1000150

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Simplified-content
Vendor
CVE Published:
10 October 2016

What is CVE-2016-1000150?

The Simplified Content plugin for WordPress is susceptible to a reflected Cross-Site Scripting (XSS) vulnerability. This issue arises from inadequate input sanitization during the processing of requests, allowing attackers to inject malicious scripts. When a victim clicks on a crafted link, the injected script executes within the user's browser, potentially leading to session hijacking, redirection, or other malicious activities. Users are advised to upgrade to the latest version and implement proper sanitization measures to mitigate this security risk.

References

http://www.vapidlabs.com/wp/wp_advisory.php?v=853
x_refsource_MISC
http://www.securityfocus.com/bid/93581
vdb-entryx_refsource_BID
https://wordpress.org/plugins/simplified-content
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.