ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WP Media Cleaner Plugin <= 2.2.6 - Multiple XSS

Product
WP Media Cleaner
Description
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "s", "paged" or "view" parameters in the wp-media-cleaner page to wp-admin/upload.php.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2015-2195
Versions
Affected In <= 2.2.6
Fixed In 2.2.7
Disclosure date
2015-03-03
Credits
─░smail SAYGILI