WordPress Plugin Vulnerabilities

Check Email < 0.5.2 - Cross-Site Scripting (XSS)

Description

The Check Email WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
check-email
Fixed in 0.5.2

References

CVE
CVE-2016-10934
URL
https://plugins.trac.wordpress.org/changeset/1532909
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_check_email_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Nov/113
URL
https://plugins.trac.wordpress.org/changeset/1537145

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3de69cc2-e4c2-4841-a623-41fd76428db1

Timeline

Publicly Published
2016-11-12 (about 9 years ago)
Added
2016-11-15 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-12-12
Title
Popup Builder – Create highly converting, mobile friendly marketing popups. < 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-11-05
Title
Strong Testimonials < 3.2.17 - Unauthenticated Arbitrary Shortcode Execution
Published
2025-10-06
Title
MapSVG < 8.7.23 - Contributor+ Stored XSS
Published
2025-01-22
Title
MDTF – Meta Data and Taxonomies Filter < 1.3.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-05-04
Title
Image Hover Effects Ultimate < 9.7.2 - Reflected Cross-Site Scripting