CVE-2015-9356

CVE-2015-9356

EPSS 1.0%

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/https://wordpress.org/plugins/wp-vipergb/#developers