3 matches found
CVE-2015-9372
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9372
Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via addqueryarg and removequeryarg...
CVE-2015-9372
CVE-2015-9372 describes a Cross-Site Scripting vulnerability in the WordPress plugin Membership Add-on for iThemes Exchange, affecting versions before 1.3.0. The root cause is improper handling of query arguments via add_query_arg() and remove_query_arg(), enabling an attacker to inject client-si...