CVE-2015-4127

Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
Configurations

Configuration 1 (hide)

cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2015-05-28 14:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-4127

Mitre link : CVE-2015-4127

CVE.ORG link : CVE-2015-4127


JSON object : View

Products Affected

church_admin_project

  • church_admin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')