WordPress Plugin Vulnerabilities

Greg's High Performance SEO 1.6.1 - Reflected XSS

Description

The Greg's High Performance SEO WordPress plugin was affected by a Reflected XSS security vulnerability.

Affects Plugins

Plugin icon
gregs-high-performance-seo
Fixed in 1.6.2

References

CVE
CVE-2015-9319
URL
https://security.szurek.pl/gregs-high-performance-seo-161-reflected-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
415dc86d-b744-49df-b3b8-907f54213c6b

Timeline

Publicly Published
2015-01-10 (about 11 years ago)
Added
2015-06-08 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-07-18
Title
Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG
Published
2024-12-17
Title
Contests by Rewards Fuel < 2.0.66 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-04
Title
Basticom Framework < 1.5.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
Published
2025-04-02
Title
Botnet Attack Blocker <= 2.0.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2025-02-27
Title
Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons < 26.0.1 - Unauthenticated Stored Cross-Site Scripting