Vulnerability Details CVE-2015-9426
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 4.6
CVSS v2 Score 3.5
References
- http://cinu.pl/research/wp-plugins/mail_7c87194ce1dcf0642135d17a71ed91cd.html
- https://wordpress.org/plugins/manual-image-crop/#developers
- https://wpvulndb.com/vulnerabilities/8297
- http://cinu.pl/research/wp-plugins/mail_7c87194ce1dcf0642135d17a71ed91cd.html
- https://wordpress.org/plugins/manual-image-crop/#developers
- https://wpvulndb.com/vulnerabilities/8297
Products affected by CVE-2015-9426
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:-
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.0
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.01
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.02
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.03
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.04
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.05
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.06
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.07
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.08
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.09
-
cpe:2.3:a:manual_image_crop_project:manual_image_crop:1.10