CVE-2015-9494

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier...

WordPress indieweb-post-kinds plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. indieweb-post-kinds is one of the category plugins used in it. A cross-site scripting vulnerability exists in WordPress...

Design/Logic Flaw

The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier...

CVE-2015-9494

CVE-2015-9494 affects the WordPress plugin indieweb-post-kinds (versions prior to 1.3.1.1). It enables a DOM-based XSS via the genericons/example.html anchor identifier, allowing injected script to run in a victim’s browser when that anchor is processed. PoC demonstrates the vulnerability. Remedi...

WordPress Post Kinds Plugin <= 1.3.1 - Cross Site Scripting

This plugin is prone to a DOM cross site scripting vulnerability. This attack is executed as a result of modifying the DOM in the victim’s browser used by the original client side script. Solution Update the plugin...

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-content/plugins/indieweb-post-kinds/genericons/example.html...