CVE-2015-20019

CVE-2015-20019: Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS)

Vendor Unknown

Product Content text slider on post

Weakness CWE-79 · XSS

Published November 1, 2021

Last update August 6, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues

Key dates

02Disclosure timeline

November 1, 2021 CVE published

August 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-20019

Related vulnerabilities

04Related CVE

CVE-2022-4216 Chained Quiz <= 1.3.2.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Facebook App ID CVE-2025-34258 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/plan CVE-2025-24746 WordPress Popup Maker plugin <= 1.20.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-46874 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) CVE-2025-57877 Reflected XSS vulnerability in Portal for ArcGIS.