WordPress Plugin Vulnerabilities

WP-Facethumb Gallery <= 0.1 - Reflected Cross Site Scripting

Description

The vendor has discontinued this product as of 2012-05-03.

Affects Plugins

Plugin icon
wp-facethumb
No known fix

References

CVE
CVE-2014-4585
CVE
CVE-2012-2371
URL
https://packetstormsecurity.com/files/#112658/
URL
https://codevigilant.com/disclosure/wp-plugin-wp-facethumb-a3-cross-site-scripting-xss/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
017f9fc0-9752-468e-bcb1-5ad31710572f

Timeline

Publicly Published
2012-05-13 (about 14 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2025-10-16
Title
Estatik <= 4.3.0 - Contributor+ Stored XSS
Published
2023-03-20
Title
ConvertBox Auto Embed WordPress < 1.0.20 - Contributor+ Stored Cross-Site Scripting
Published
2023-05-18
Title
Jazz Popups <= 1.8.7 - Unauthenticated Reflected Cross-Site Scripting
Published
2023-01-17
Title
WP-CommentNavi < 1.12.2 - Admin+ Stored XSS
Published
2025-12-31
Title
Consulting <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting