Unrated severityNVD Advisory· Published Feb 16, 2015· Updated May 6, 2026

CVE-2015-1436

Description

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.

Affected products

Easing Slider Project/Easing Slider
cpe:2.3:a:easing_slider_project:easing_slider:*:*:*:*:*:wordpress:*:*
Range: <=2.2.0.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wordpress.org/plugins/easing-slider/changelog/nvdPatchRelease Notes
packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/72572nvdExploitThird Party AdvisoryVDB Entry
www.htbridge.com/advisory/HTB23249nvdExploit
www.securityfocus.com/archive/1/534680/100/0/threadednvdThird Party AdvisoryVDB Entry
exchange.xforce.ibmcloud.com/vulnerabilities/100861nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000