CVE-2015-10127

A vulnerability was found in PlusCaptcha Plugin up to 2.0.6 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 2.0.14 is able to address this issue. The patch is identified as 1274afc635170daafd38306487b6bb8a01f78ecd. It is recommended to upgrade the affected component. VDB-248954 is the identifier assigned to this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bestwebsoft:pluscaptcha:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:24

Type Values Removed Values Added
References () https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd - Patch () https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd - Patch
References () https://vuldb.com/?ctiid.248954 - Third Party Advisory () https://vuldb.com/?ctiid.248954 - Third Party Advisory
References () https://vuldb.com/?id.248954 - Third Party Advisory () https://vuldb.com/?id.248954 - Third Party Advisory
CVSS v2 : 4.0
v3 : 6.1
v2 : 4.0
v3 : 3.5

05 Jan 2024, 15:06

Type Values Removed Values Added
CPE cpe:2.3:a:bestwebsoft:pluscaptcha:*:*:*:*:*:wordpress:*:*
First Time Bestwebsoft pluscaptcha
Bestwebsoft
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References () https://vuldb.com/?ctiid.248954 - () https://vuldb.com/?ctiid.248954 - Third Party Advisory
References () https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd - () https://github.com/wp-plugins/pluscaptcha/commit/1274afc635170daafd38306487b6bb8a01f78ecd - Patch
References () https://vuldb.com/?id.248954 - () https://vuldb.com/?id.248954 - Third Party Advisory

26 Dec 2023, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 17:15

Updated : 2024-11-21 02:24


NVD link : CVE-2015-10127

Mitre link : CVE-2015-10127

CVE.ORG link : CVE-2015-10127


JSON object : View

Products Affected

bestwebsoft

  • pluscaptcha
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')