WordPress Plugin Vulnerabilities

Postmatic <= 1.4.5 - Cross-Site Scripting (XSS)

Description

The Replyable – Subscribe to Comments and Reply by Email WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
postmatic
Fixed in 1.4.6

References

CVE
CVE-2015-9411

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
1530741f-558a-4d86-9008-4d2bcef4fab6

Timeline

Publicly Published
2015-09-13 (about 10 years ago)
Added
2015-09-13 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-12-12
Title
HT Slider for Elementor < 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-05-31
Title
FooGallery < 2.0.35 - Authenticated Stored Cross-Site Scripting
Published
2024-12-30
Title
AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress < 9.11.1 - Reflected Cross-Site Scripting
Published
2023-12-28
Title
WP User Profile Avatar < 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-08-27
Title
Xpro Elementor Addons < 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting