Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Role Scoper Project | Role Scoper | <= 1.3.66 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/134600/WordPress-Role-Scoper-1.3.66-Cross-S (Exploit, Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/archive/1/537019/100/0/threaded
- https://wordpress.org/plugins/role-scoper/#developers (Release Notes, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/8347 (Third Party Advisory)
- https://www.htbridge.com/advisory/HTB23276 (Third Party Advisory)
FAQ
What is CVE-2015-8353?
CVE-2015-8353 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-obje...
How severe is CVE-2015-8353?
CVE-2015-8353 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-8353?
Check the references section above for vendor advisories and patch information. Affected products include: Role Scoper Project Role Scoper.