WordPress Plugin Vulnerabilities

enhanced-tooltipglossary <= 3.3.4 - XSS

Description

The CM Tooltip Glossary WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
enhanced-tooltipglossary
Fixed in 3.3.5

References

CVE
CVE-2016-1000132
URL
http://www.vapidlabs.com/wp/wp_advisory.php?v=37
URL
https://www.openwall.com/lists/oss-security/2016/05/11/12

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
3b71d280-dd94-48e4-a9bb-2b0760cf9891

Timeline

Publicly Published
2016-05-11 (about 10 years ago)
Added
2016-05-11 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-05
Title
Betheme < 28.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-12-23
Title
Email Subscribers < 5.7.45 - Admin+ Stored XSS
Published
2024-04-16
Title
FileBird < 5.6.4 - Author+ Stored XSS
Published
2024-12-02
Title
Spectra – WordPress Gutenberg Blocks < 2.16.3 - Contributor+ Stored XSS via Team Widget
Published
2024-12-13
Title
glomex oEmbed < 0.9.2 - Contributor+ Stored XSS