WordPress Navis DocumentCloud Plugin <= 0.1.0 - XSS

2015-03-3100:00:00

Harry Metcalfe

patchstack.com

EPSS

0.003

Percentile

69.3%

This vulnerability is in js/window.php. It allows an attacker to inject arbitrary web script or HTML via the “wpbase” parameter.

Solution

           Update the plugin.

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2807

EPSS

0.003

Percentile

69.3%

Related for PATCHSTACK:8DB53F20E3266C722633A9BF57FEBE51