WordPress Plugin Vulnerabilities

WP Media Cleaner <= 2.2.6 - Cross-Site Scripting (XSS)

Description

The wp-media-cleaner WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-media-cleaner
No known fix

References

CVE
CVE-2015-2195
URL
https://packetstormsecurity.com/files/#130576/
URL
https://seclists.org/bugtraq/2015/Feb/172

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
649cdf8b-f291-45f5-80c5-fcde0210a64f

Timeline

Publicly Published
2015-02-26 (about 11 years ago)
Added
2015-02-27 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2025-09-02
Title
Vayu Blocks < 1.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Block Attributes
Published
2025-01-20
Title
Tamara Checkout < 1.9.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2019-02-05
Title
NextScripts: Social Networks Auto-Poster < 4.2.8 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2022-11-14
Title
Photospace Gallery <= 2.3.5 - Subscriber+ Stored Cross-Site Scripting
Published
2026-05-12
Title
Fluent Forms < 6.2.2 - Contributor+ Stored XSS via 'permission_message' Shortcode Attribute