MOABI : Continuous Software Improvement

CVE-2015-9363
Description	iThemes Exchange before 1.12.0 for WordPress has XSS via add_query_arg() and remove_query_arg().
Impact	CVSS v3 : 6.1 MEDIUM CVSS v2 : 4.3 MEDIUM
Type	CWE-79
Attack Vector	CVSSv2 Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html https://ithemes.com/coordinated-wordpress-plugin-security-update/