WordPress Plugin Vulnerabilities

OptionTree < 2.6.0 - Authenticated Cross-Site Scripting (XSS)

Description

The OptionTree WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
option-tree
Fixed in 2.6.0

References

CVE
CVE-2016-10895
URL
https://security.szurek.pl/optiontree-255-reflected-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Kacper Szurek
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
01b2848e-77aa-4336-85e2-a5508c4fdc91

Timeline

Publicly Published
2016-02-10 (about 10 years ago)
Added
2019-04-30 (about 7 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-04-26
Title
Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting
Published
2023-10-03
Title
Podcast Subscribe Buttons < 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2014-06-12
Title
Walk Score <= 0.5.5 - Multiple XSS
Published
2025-01-07
Title
Responsive Flickr Slideshow < 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-02-02
Title
Jobs for WordPress < 2.6.0 - Author+ Stored XSS