WordPress Plugin Vulnerabilities

Wpml < 3.1.9 - XSS

Description

The wpml WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
wpml
Fixed in 3.1.9

References

CVE
CVE-2015-2315
URL
https://packetstormsecurity.com/files/#130810/
URL
https://wpml.org/changelog/2015/03/wpml-security-update-bug-and-fix/
URL
https://seclists.org/fulldisclosure/2015/Mar/71

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
1e3e4ca5-0472-4302-948c-73d55de3d7d1

Timeline

Publicly Published
2015-03-13 (about 11 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2019-12-28 (about 6 years ago)

Other

Published
Title
Published
2022-07-11
Title
Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting
Published
2024-03-28
Title
Easy Appointments < 3.11.19 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-04-04
Title
Testimonial Slider < 3.5.8.5 - Contributor+ Stored Cross-Site Scripting
Published
2025-05-16
Title
Broadstreet < 1.51.3 - Contributor+ Stored XSS
Published
2025-02-19
Title
Lenix Elementor Leads addon < 1.8.3 - Unauthenticated Stored Cross-Site Scripting via URL Form Field