2 matches found
CVE-2015-9363
iThemes Exchange before 1.12.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9363
CVE-2015-9363 : A cross-site scripting vulnerability affects WordPress via the iThemes Exchange plugin, reported to be present before version 1.12.0. The flaw is caused by improper handling of query arguments with add_query_arg() and remove_query_arg(), enabling injection of malicious scripts int...