ThreatPress

WordPress Vulnerabilities Database


WordPress WPML Plugin <= 3.1.8 - XSS

Product
WPML - WordPress Multilingual
Description
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "target" parameter in a reminder_popup action to the default URI.
Solution
Update the plugin to version 3.1.9 or later.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-2315
Versions
Affected In: <= 3.1.8
Fixed In: 3.1.9
Disclosure date
2015-03-17
Credits
Klikki Oy