CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2015-4065

LOW
3.5
CVSS Severity Score
EPSS Score0.1120%
EPSS Percentile31.39th
Published2015年5月27日
Last Modified2026年5月6日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.

Affected Platforms (CPE)

📦
Landing Pages Project

Landing Pages

<= 1.8.4

References & Advisories

🔗 http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
🔗 http://www.securityfocus.com/bid/74777
🔗 https://wordpress.org/plugins/landing-pages/changelog/
🔗 https://www.exploit-db.com/exploits/37108/
🔗 http://packetstormsecurity.com/files/132037/WordPress-Landing-Pages-1.8.4-Cross-Site-Scripting-SQL-Injection.html
🔗 http://www.securityfocus.com/bid/74777
🔗 https://wordpress.org/plugins/landing-pages/changelog/
🔗 https://www.exploit-db.com/exploits/37108/

相關漏洞威脅

CVE-2015-52278.8

The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.

CVE-2019-130477.8

kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allo...

CVE-2013-62437.5

SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers ...

CVE-2021-472777.1

In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslo...