WordPress Plugin Vulnerabilities

Dynamic Widgets <= 1.5.10 - Authenticated Cross-Site Scripting (XSS) & CSRF

Description

The Dynamic Widgets WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) & CSRF security vulnerability.

Affects Plugins

Plugin icon
dynamic-widgets
Fixed in 1.5.11

References

CVE
CVE-2015-9437
CVE
CVE-2015-9436
URL
http://cinu.pl/research/wp-plugins/mail_489304900a50751da1495e2ea660bc51.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
442ccfb7-eab2-453d-80f7-2e71682cbc03

Timeline

Publicly Published
2015-08-11 (about 10 years ago)
Added
2015-11-22 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-09-20
Title
Motors Car Dealer & Classified Ads < 1.4.1 - Multiple Issues
Published
2019-08-03
Title
Rencontre < 3.2.2 - Authenticated Stored XSS via facebook parameter & SQL Injection
Published
2018-01-08
Title
GD Rating System 2.3 - Multiple Vulnerabilities
Published
2019-05-08
Title
WPGraphQL < 0.3.0 - Multiple Vulnerabilities
Published
2019-06-09
Title
Download Manager <= 2.9.96 - Various Sanitisation Issues