Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9570


Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9570
Last Modified 16 Jan 2015 12:18:38
Published 15 Jan 2015 10:59:20
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.

Vulnerable Systems


  • Mywebsiteadvisor Simple Security 1.1.5



BUGTRAQ - 20150114 Two XSS vulnerabilities in Simple Security WordPress Plugin

Last Updated: 27 May 2016 11:07:34