XSS Vulnerability in echosign Plugin for WordPress
CVE-2016-10985

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Echo Sign
Vendor: CVE Published:; 17 September 2019

What is CVE-2016-10985?

The echosign plugin for WordPress (versions prior to 1.2) contains an XSS vulnerability that allows attackers to inject malicious scripts via the 'id' parameter in the add_templates.php file. This security flaw can lead to unauthorized actions and data exposure on affected WordPress sites, potentially compromising user information or facilitating broader attacks.