ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Genericons Plugin <= 4.2.1 - XSS

Product
Genericons
Description
This vulnerability is in example.html and allows an attacker to inject arbitrary web script or HTML via a fragment identifier.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-3429
Versions
Affected In <= 4.2.1
Fixed In 4.2.2
Disclosure date
2015-04-27
Credits
Omar Kurt