Themes Vulnerabilities

Artificial Intelligence Theme <= 1.2.3 - DOM Cross-Site Scripting (XSS)

Description

The artificial-intelligence WordPress theme was affected by a DOM Cross-Site Scripting (XSS) security vulnerability.

Affects Themes

artificial-intelligence
Fixed in 1.2.4

References

CVE
CVE-2015-9501
URL
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
URL
https://github.com/duchenerc/artificial-intelligence/blob/53d0b1c323664876326b5bea807aac0dcb370fbd/scss/modules/genericons/example.html
URL
https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
1042c0a1-d2e1-4cb2-9d80-bc84e825ab17

Timeline

Publicly Published
2015-05-12 (about 11 years ago)
Added
2015-05-19 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-08-16
Title
Meta Field Block < 1.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-01-03
Title
Blockonomics < 3.5.8 - Reflected Cross-Site Scripting
Published
2024-09-24
Title
Charity Addon for Elementor < 1.3.2 - Contributor+ Stored XSS
Published
2025-04-09
Title
Nav Menu Manager < 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-06-28
Title
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)