Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Inboundnow | Call To Action | <= 2.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134598/WordPress-Calls-To-Action-2.4.3-Cros (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/537022/100/0/threaded
- https://wordpress.org/plugins/cta/#developers (Release Notes, Third Party Advisory)
- https://www.htbridge.com/advisory/HTB23274 (Exploit, Third Party Advisory)
FAQ
What is CVE-2015-8350?
CVE-2015-8350 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab paramete...
How severe is CVE-2015-8350?
CVE-2015-8350 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8350?
Check the references section above for vendor advisories and patch information. Affected products include: Inboundnow Call To Action.