Unrated severityNVD Advisory· Published Jan 15, 2015· Updated Jun 17, 2026
CVE-2014-9570
CVE-2014-9570
Description
Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.
Affected products
2- cpe:2.3:a:mywebsiteadvisor:simple_security:1.1.5:*:*:*:*:wordpress:*:*
- Range: <=1.1.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.