WordPress Plugin Vulnerabilities

WPML < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The sitepress-multilingual-cms WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
sitepress-multilingual-cms
Fixed in 4.0

References

CVE
CVE-2018-18069

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Rahul Pratap Singh
Verified
No
WPVDB ID
024b43d3-1e73-47f1-81d2-ab15a6c7b0fd

Timeline

Publicly Published
2018-10-08 (about 7 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2021-01-19 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
Amerisale-Re - netriesdetail/upload.php edit Parameter Reflected XSS
Published
2024-12-13
Title
Post to Pdf < 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-09-21
Title
EventON < 2.2 - Admin+ Stored XSS
Published
2020-07-13
Title
SendPress Newsletter < 1.20.7.13 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2022-04-26
Title
Donate Extra <= 2.02 - Reflected Cross-Site Scripting