Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2015-9436

Disclosure Date: September 26, 2019 (last updated November 28, 2024)
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=term_tree prefix or widget_id parameter.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0