Multiple iThemes plugins, themes and add-ons - XSS via add_query_arg() and remove_query_arg()

Affects Plugins

fixed in version 1.12.0
- plugin closed
fixed in version 1.1.0
fixed in version 1.1.0
fixed in version 1.1.0
fixed in version 1.2.0
fixed in version 1.1.0
fixed in version 1.1.0
fixed in version 1.3.0
fixed in version 1.1.0
fixed in version 1.2.0
fixed in version 1.1.0
fixed in version 1.2.8
fixed in version 0.7.7
fixed in version 1.4.0

Affects Themes

fixed in version 5.0.30
fixed in version 5.1.27

References

CVE 2015-9363
CVE 2015-9364
CVE 2015-9365
CVE 2015-9366
CVE 2015-9367
CVE 2015-9368
CVE 2015-9369
CVE 2015-9370
CVE 2015-9371
CVE 2015-9372
CVE 2015-9373
CVE 2015-9374
CVE 2015-9375
CVE 2015-9376
CVE 2015-9377
CVE 2015-9378
CVE 2015-9379
URL https://ithemes.com/coordinated-wordpress-plugin-security-update/
URL https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Views 4894
Verified No
WPVDB ID 9845

Timeline

Publicly Published 2015-04-20 (about 5 years ago)
Added 2019-08-29 (9 months ago)
Last Updated 2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin