WordPress Plugin Vulnerabilities

Easy Custom Auto Excerpt <= 2.4.6 - XSS

Description

The Easy Custom Auto Excerpt WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
easy-custom-auto-excerpt
Fixed in 2.4.7

References

CVE
CVE-2018-5311
URL
https://github.com/d4wner/Vulnerabilities-Report/blob/master/easy-custom-auto-excerpt.md

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
0a5e3cfd-2e02-40f7-a70d-365991c161d2

Timeline

Publicly Published
2018-11-14 (about 7 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-16
Title
RomanCart On WordPress <= 0.0.2 - Reflected Cross-Site Scripting
Published
2023-02-14
Title
Interactive SVG Image Map Builder < 1.1 - Admin+ Stored XSS
Published
2023-11-23
Title
eDoc Employee Job Application <= 1.13 - Reflected Cross-Site Scripting
Published
2020-11-25
Title
WPJobBoard < 5.7.0 - Unauthenticated Reflected XSS & XFS
Published
2025-10-03
Title
Tooltipy <= 5.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting