Description

Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2015-2949

Related Vulnerabilities

WordPress Plugin WooCommerce Conversion Tracking Cross-Site Request Forgery (2.0.4)

WordPress Plugin Simple Membership Cross-Site Request Forgery (3.8.4)

WordPress Plugin PhotoXhibit Multiple Cross-Site Scripting Vulnerabilities (2.1.8)

WordPress Plugin HTML5 MP3 Player with Playlist Free Information Disclosure (2.6)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-5205)

Severity

Medium

Classification

CVE-2015-2949 CWE-707

Tags

Missing Update Known Vulnerabilities