Back WordPress GoCodes Plugin <= 1.3.5 - Multiple Vulnerabilities Product GoCodes Description This plugin is prone to cross site scripting vulnerability, that allows authenticated users to inject HTML and JS code. And also there is an SQL injection vulnerability, that allows authenticated users execute arbitrary SQL commands. Solution Update the plugin. Classification Type Multi References Cinu CVE Name CVE-N/A Versions Affected In <= 1.3.5 Fixed In 1.3.6 Disclosure date 2015-11-24 Credits Marcin Probola Submitter ThreatPress