CVE-2015-10120 LOW

CVE-2015-10120: WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting

Vendor N/A
Product WDS Multisite Aggregate Plugin
Weakness CWE-79 · XSS
Published July 10, 2023
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 49e0bbcb6ff70e561365d9e0d26426598f63ca12. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-233364.

Key dates

02Disclosure timeline

July 10, 2023 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22313 WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-51718 WordPress Simple Modal plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2020-36634 Indeed Engineering util ViewExportedVariablesServlet.java appendTo cross site scripting CVE-2026-48839 WordPress WP Statistics plugin <= 14.16.6 - Cross Site Scripting (XSS) vulnerability CVE-2022-45836 WordPress Download Manager Plugin <= 3.2.59 is vulnerable to Cross Site Scripting (XSS)