EUVD-2015-9344

Malware in sbrugna...

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

WordPress weeklynews theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. weeklynews theme is a news site theme plugin used in it. WordPress weeklynews theme suffers from a cross-site scripting vulnerability...

CVE-2015-9504

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

Design/Logic Flaw

The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...

CVE-2015-9504

The CVE-2015-9504 entry describes an XSS vulnerability in the WordPress WeeklyNews theme prior to version 2.2.9, exploitable via the s parameter. Affected component/file: the weeklynews WordPress theme (pre-2.2.9). Root cause: reflected XSS through the s query parameter, allowing an attacker to i...

WeeklyNews Premium Theme <= 2.2 - Cross-Site Scripting (XSS)

Vendor confirmed fixed in as 2.2.9 although this issue was not mentioned in the changelog. PoC http://www.example.com/?s=test"...