Unrated severityNVD Advisory· Published Jan 15, 2015· Updated May 6, 2026
CVE-2014-9570
CVE-2014-9570
Description
Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.
Affected products
1- cpe:2.3:a:mywebsiteadvisor:simple_security:1.1.5:*:*:*:*:wordpress:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.