Stored XSS Vulnerability in Zoho SalesIQ Plugin for WordPress
CVE-2019-15644

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Salesiq
Vendor: CVE Published:; 27 August 2019

Summary

The Zoho SalesIQ plugin for WordPress, prior to version 1.0.9, contains a stored cross-site scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into the affected application's stored data. When exploited, this vulnerability can lead to unauthorized actions performed on behalf of users, potentially compromising sensitive information and damaging the integrity of the website. It is crucial for users to upgrade to the latest version to mitigate the risks associated with this security issue.

References

https://wpvulndb.com/vulnerabilities/9433

x_refsource_MISC

https://wordpress.org/plugins/zoho-salesiq/#developers

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 27, 2019
Vulnerability Reserved
Aug 26, 2019