Vulnerabilities > Optiontree Project > Optiontree > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-08-20 CVE-2016-10895 Cross-site Scripting vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
network
low complexity
optiontree-project CWE-79
6.1
6.1
2019-08-20 CVE-2015-9320 Cross-site Scripting vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
network
low complexity
optiontree-project CWE-79
6.1
6.1