WordPress Plugin Vulnerabilities

Google Analytics Top Content Widget < 1.5.7 - Reflected XSS

Description

The plugin does not escape the generated dismiss notice URL before outputting it in an attribute, leading to Reflected Cross-Site Scripting

Affects Plugins

Plugin icon
google-analytics-top-posts-widget
Fixed in 1.5.7

References

CVE
CVE-2015-10101

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.0 (medium)

Miscellaneous

Verified
Yes
WPVDB ID
023b5d3c-85dc-4137-a08d-db5c72bd8157

Timeline

Publicly Published
2015-04-20 (about 11 years ago)
Added
2023-04-16 (about 3 years ago)
Last Updated
2023-04-16 (about 3 years ago)

Other

Published
Title
Published
2024-06-21
Title
Empty Cart Button for WooCommerce <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-19
Title
LeanPress <= 1.0.0 - Reflected Cross-Site Scripting
Published
2022-03-28
Title
Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting
Published
2021-08-09
Title
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
Published
2025-11-19
Title
Multiple Plugins and Themes - Contributor+ DOM-Based Stored XSS via lightGallery Library