CVE-2015-1436

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
easing_slider_projecteasing_slider
𝑥
≤ 2.2.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/534680/100/0/threaded
http://www.securityfocus.com/bid/72572
https://exchange.xforce.ibmcloud.com/vulnerabilities/100861
https://wordpress.org/plugins/easing-slider/changelog/
https://www.htbridge.com/advisory/HTB23249
http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/534680/100/0/threaded
http://www.securityfocus.com/bid/72572
https://exchange.xforce.ibmcloud.com/vulnerabilities/100861
https://wordpress.org/plugins/easing-slider/changelog/
https://www.htbridge.com/advisory/HTB23249