WordPress Plugin Vulnerabilities

vkontakte-api - vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS

Description

The VKontakte API – crossposting, comments, social buttons, login WordPress plugin was affected by a vkontakte-api/swf/tagcloud.swf tagcloud Parameter XSS security vulnerability.

Affects Plugins

Plugin icon
vkontakte-api
No known fix

References

CVE
CVE-2009-4168
URL
https://seclists.org/oss-sec/2013/q1/616
URL
https://www.openwall.com/lists/oss-security/2013/03/11/1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
3dad9709-684c-4a4a-8ea2-f7e1226c39f4

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2021-11-18
Title
Pixel Cat Lite < 2.6.4 - Reflected Cross-Site Scripting
Published
2024-09-26
Title
Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
Published
2024-11-15
Title
SimpleForm Contact Form Submissions <= 2.1.0 - Reflected Cross-Site Scripting
Published
2024-10-31
Title
Kento Ads Rotator <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-03-28
Title
Elementor Addon Elements < 1.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting