Design/Logic Flaw

Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via addqueryarg and removequeryarg...

CVE-2015-9366

CVE-2015-9366 affects the Custom URL Tracking Add-on for iThemes Exchange (WordPress) prior to version 1.1.0. The vulnerability is an XSS via add_query_arg() and remove_query_arg(). The NVD data lists CVSSv2 base score 4.3 (MEDIUM) with I:P and A:N, and CVSSv3 base score 6.1 (MEDIUM) with I:L, C:...