WordPress Plugin Vulnerabilities

WP Planet <= 0.1 - Unauthenticated Reflected XSS

Description

The last time it was checked the plugin was still affected and had been closed.

Proof of Concept

Affects Plugins

Plugin icon
wp-planet
No known fix

References

CVE
CVE-2014-4592
URL
https://codevigilant.com/disclosure/wp-plugin-wp-planet-a3-cross-site-scripting-xss/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
3c9a3a97-8157-4976-8148-587d923e1fb3

Timeline

Publicly Published
2014-04-25 (about 11 years ago)
Added
2019-12-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-13
Title
WP Githuber MD <= 1.16.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-10-21
Title
Welcart e-Commerce < 2.11.23 - Authenticated (Editor+) Stored Cross-Site Scripting via order_mail
Published
2024-08-27
Title
Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF
Published
2025-06-05
Title
Image Hover Effects Block <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-02
Title
WP Responsive header image slider <= 3.2.1 - Contributor+ Stored XSS