WordPress Plugin Vulnerabilities

WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The wp-symposium WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wp-symposium
No known fix

References

CVE
CVE-2015-9414
URL
https://cxsecurity.com/issue/WLB-2015090024

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Ehsan Hosseini
Verified
Yes
WPVDB ID
2ac2d43f-bf3f-4831-9585-5c5484051095

Timeline

Publicly Published
2015-09-06 (about 10 years ago)
Added
2015-09-07 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-07-10
Title
Magical Addons For Elementor < 1.1.42 - Contributor+ Stored XSS
Published
2022-04-04
Title
wpDataTables < 2.1.28 - Admin+ Stored Cross-Site Scripting
Published
2025-02-20
Title
TCBD Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-11-20
Title
Magical Products Display < 1.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget
Published
2023-06-09
Title
WP Mail Catcher < 2.1.3 - Unauthenticated Stored Cross-Site Scripting