Vulnerability Details CVE-2015-9472
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://plugins.trac.wordpress.org/changeset/1080044/incoming-links
- https://wordpress.org/plugins/incoming-links/#developers
- https://wpvulndb.com/vulnerabilities/8015
- https://plugins.trac.wordpress.org/changeset/1080044/incoming-links
- https://wordpress.org/plugins/incoming-links/#developers
- https://wpvulndb.com/vulnerabilities/8015
Products affected by CVE-2015-9472
-
cpe:2.3:a:monitorbacklinks:incoming_links:-
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.1b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.2b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.3b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.4b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.5b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.6b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.7b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.8b
-
cpe:2.3:a:monitorbacklinks:incoming_links:0.9.9b