WordPress Plugin Vulnerabilities

My Wish List < 1.4.2 - Multiple Parameter XSS

Description

The My Wish List WordPress plugin was affected by a Multiple Parameter XSS security vulnerability.

Affects Plugins

Plugin icon
my-wish-list
Fixed in 1.4.2

References

CVE
CVE-2015-9493

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
24a0bfc4-a489-42f7-98f1-230f5683267e

Timeline

Publicly Published
2015-04-13 (about 11 years ago)
Added
2015-04-26 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-29
Title
CPO Companion <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-10-05
Title
Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting
Published
2025-10-21
Title
Reservation < 1.7 - Reflected Cross-Site Scripting
Published
2023-12-27
Title
If-So Dynamic Content Personalization < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-12-29
Title
WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode