WordPress Plugin Vulnerabilities

Syndication Links <= 1.0.2 - DOM Cross-Site Scripting (XSS)

Description

The Syndication Links WordPress plugin was affected by a DOM Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
syndication-links
Fixed in 1.0.2.1

References

CVE
CVE-2015-9495
URL
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
URL
https://github.com/dshanske/syndication-links

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
0a6cba60-ae27-495d-8adb-422172e1bc12

Timeline

Publicly Published
2015-05-13 (about 11 years ago)
Added
2015-05-13 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-01-27
Title
Appointment Hour Booking – Booking Calendar < 1.5.61 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration
Published
2024-06-21
Title
Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
Published
2026-01-27
Title
FluentCart < 1.3.0 - Unauthenticated Stored Cross-Site Scripting
Published
2024-02-12
Title
Ultimate Reviews < 3.2.9 - Unauthenticated stored Cross-Site Scripting via reviews
Published
2024-02-20
Title
Advanced Social Feeds Widget & Shortcode <= 1.7 - Admin+ Stored XSS