Lucene search
PRIOn knowledge basePRION:CVE-2015-2218HistoryMar 05, 2015 - 4:59 p.m.
Cross site scripting
2015-03-0516:59:00
PRIOn knowledge base
www.prio-n.com
2
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
| CPE | Name | Operator | Version |
|---|---|---|---|
| wonderplugin_audio_player | le | 2.0 |
Related
cve
cve
CVE-2015-2218
2015-03-05 16:59:01
nvd
nvd
CVE-2015-2218
2015-03-05 16:59:01
cvelist
cvelist
CVE-2015-2218
2015-03-05 16:00:00
patchstack
patchstack
WordPress Audio Player Plugin <= 2.0 - Multiple XSS
2015-03-05 00:00:00
wpvulndb
wpvulndb
WonderPlugin Audio Player 2.0 - Blind SQL Injection & XSS
2015-02-19 00:00:00
kaspersky
kaspersky
KLA10491 Multiple vulnerabilities in WordPress plugins
2015-03-17 00:00:00