Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9570

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9570
Last Modified 16 Jan 2015 12:18:38
Published 15 Jan 2015 10:59:20
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9570

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.

Vulnerable Systems

Application

  • Mywebsiteadvisor Simple Security 1.1.5


References

MISC - https://www.htbridge.com/advisory/HTB23244

BUGTRAQ - 20150114 Two XSS vulnerabilities in Simple Security WordPress Plugin


Last Updated: 27 May 2016 11:07:34