CVE-2015-2315

WPML < 3.1.8 - Cross-Site Scripting via Reminder Popup Target Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-2315. PoCs published by weidongl74.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2015-2315, demonstrating an SQL injection vulnerability in a login system. The exploit simulates a scenario where user credentials are captured via a malicious form submission.

Description

Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.

Exploits (2)

nomisec WORKING POC 2 stars
by weidongl74 · poc
https://github.com/weidongl74/cve-2015-2315-report

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Custom web application (Bluesky Airline login system)
No auth needed
Prerequisites: Access to the vulnerable login page
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/36414

The document details three vulnerabilities in WPML (WordPress Multilingual Plugin) version 3.1.9 and earlier, including an unauthenticated SQL injection via crafted HTTP referer headers, unauthorized page/post/menu deletion, and a reflected XSS vulnerability. It provides technical explanations and proof-of-concept examples for each issue.

Classification: Writeup (100%)
Attack Type: SQLi | XSS | Other
Complexity: Trivial
Reliability: Reliable
Target: WPML (WordPress Multilingual Plugin) <= 3.1.9
No auth needed
Prerequisites: Access to the target WordPress site · WPML plugin installed and activated
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Exploit · x_refsource_misc: http://klikki.fi/adv/wpml.html
Vendor Advisory · x_refsource_confirm: http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
Exploit · mailing-list · x_refsource_fulldisc: http://seclists.org/fulldisclosure/2015/Mar/71
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq: http://www.securityfocus.com/archive/1/534862/100/0/threaded

Scores

EPSS 0.0708
EPSS Percentile 93.4%

Details

CWE: CWE-79
Status: published
Products (1): wpml/wpml < 3.1.8
Published: Mar 17, 2015
Tracked Since: Feb 18, 2026