WordPress 15Zine cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions prior to Wordpress 15Zine 3.3.0, which ste...

Cross site scripting

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...

CVE-2020-36510 15Zine < 3.3.0 - Reflected Cross-Site Scripting

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...

CVE-2020-36510

CVE-2020-36510 – WordPress 15Zine &lt; 3.3.0 The 15Zine WordPress theme prior to version 3.3.0 fails to sanitize/escape the cbi parameter when echoing it back in the HTTP response via the cb_s_a AJAX action, causing a reflected Cross-Site Scripting (XSS) vulnerability. Affected product: WordPress...

15Zine < 3.3.0 - Reflected Cross-Site Scripting

Description The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin-ajax.php?action=cbsa&cbi=alert/XSS/;...