WordPress Plugin Vulnerabilities

Akismet 2.5.0-3.1.4 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The Akismet WordPress plugin, between versions 2.5.0 and 3.1.4, was found to be affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability.

Affects Plugins

Plugin icon
akismet
Fixed in 3.1.5

References

CVE
CVE-2015-9357
URL
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Marc Montpas from Sucuri
Verified
No
WPVDB ID
1a2f3094-5970-4251-9ed0-ec595a0cd26c

Timeline

Publicly Published
2015-10-13 (about 10 years ago)
Added
2015-10-13 (about 10 years ago)
Last Updated
2020-10-24 (about 5 years ago)

Other

Published
Title
Published
2024-03-25
Title
PropertyHive < 2.0.9 - Reflected Cross-Site Scripting
Published
2024-12-11
Title
Gutensee < 1.0.7 - Contributor+ Stored XSS
Published
2022-01-12
Title
Remove Footer Credit < 1.0.11 - Admin+ Stored Cross-Site Scripting
Published
2025-11-04
Title
Spectra < 2.19.15 - Contributor+ Stored XSS via Custom CSS
Published
2025-08-03
Title
JetWooBuilder < 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting