WordPress Plugin Vulnerabilities

Role Scoper <= 1.3.66 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The Role Scoper (Obsolete – Please install PublishPress Permissions) WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
role-scoper
Fixed in 1.3.67

References

CVE
CVE-2015-8353
URL
https://www.immuniweb.com/advisory/HTB23276
URL
https://seclists.org/bugtraq/2015/Dec/6

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0afdee9e-ca41-4229-b7e8-30098c0623d7

Timeline

Publicly Published
2015-12-02 (about 10 years ago)
Added
2015-12-02 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2016-05-30
Title
wpDiscuz < 3.2.0 - Reflected Cross-Site Scripting (XSS)
Published
2021-07-11
Title
WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS
Published
2025-01-30
Title
Ticketmeo – Sell Tickets – Event Ticketing < 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-02-23
Title
Small Package Quotes – Unishippers Edition < 2.4.10 - Reflected Cross-Site Scripting
Published
2010-11-05
Title
Feedlist < 2.70.00 - XSS