WordPress Plugin Vulnerabilities

Email Encoder Bundle <= 1.4.1 - Unauthenticated Cross-Site Scripting (XSS)

Description

The Email Encoder – Protect Email Addresses WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
email-encoder-bundle
Fixed in 1.4.2

References

URL
http://cinu.pl/research/wp-plugins/mail_a4264af79262061f493f0064d60995de.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
34808586-79f7-4039-b18c-2e3a9c3acc31

Timeline

Publicly Published
2015-08-10 (about 8 years ago)
Added
2015-11-24 (about 8 years ago)
Last Updated
2019-10-31 (about 4 years ago)

Other

Published
Title
Published
2023-03-06
Title
Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ Stored XSS
Published
2023-07-26
Title
nsc theme <= 1.0 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
WPsc MijnPress - 'rwflush' Parameter Cross Site Scripting
Published
2023-07-18
Title
Easy Captcha <= 1.0 - Reflected Cross-Site Scripting
Published
2015-02-22
Title
Image Metadata Cruncher - Multiple Cross-Site Scripting (XSS)