WP Cron Dashboard <= 1.1.5 is vulnerable to XSS

Unauthenticated

Published
2013-12-05

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.

CVE

https://www.cve.org/CVERecord?id=CVE-2013-6991

CVSS

Score:6.1

Severity:Medium

Version: 1.1.5

There is a patch available in v1.1.6 and we strongly recommend you update to this version as soon as possible.