CyberSec.Space Logo
Back to CVE Browser

CVE-2015-4065

LOW
3.5
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile31.39th
PublishedMay 27, 2015
Last ModifiedMay 6, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.

Affected Platforms (CPE)

πŸ“¦
Landing Pages Project

Landing Pages

<= 1.8.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
πŸ”— http://www.securityfocus.com/bid/74777
πŸ”— https://wordpress.org/plugins/landing-pages/changelog/
πŸ”— https://www.exploit-db.com/exploits/37108/
πŸ”— http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
πŸ”— http://www.securityfocus.com/bid/74777
πŸ”— https://wordpress.org/plugins/landing-pages/changelog/
πŸ”— https://www.exploit-db.com/exploits/37108/

Related Vulnerabilities

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2019-130477.8

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allo...

CVE-2013-62437.5

SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers ...

CVE-2021-472777.1

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslo...