CVE-2015-6805

Medhabidotcom Mdc Private Message - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.

Exploits (1)

exploitdb WORKING POC

by Chris Kellum · textwebappsphp

https://www.exploit-db.com/exploits/37907

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37907/

Third Party Advisory x_refsource_misc

https://wpvulndb.com/vulnerabilities/8154

Scores

EPSS 0.0046

EPSS Percentile 64.2%

Details

CWE

CWE-79

Status published

Products (1)

medhabidotcom/mdc_private_message 1.0.0

Published Sep 02, 2015

Tracked Since Feb 18, 2026