WordPress Plugin Vulnerabilities

Avenir-soft Direct Download <= 1.0 - Cross-Site Scripting (XSS) & CSRF

Description

The Avenir-soft Direct Download WordPress plugin was affected by a Cross-Site Scripting (XSS) & CSRF security vulnerability.

Affects Plugins

Plugin icon
avenirsoft-directdownload
No known fix

References

CVE
CVE-2015-9442
URL
https://packetstormsecurity.com/files/#132992/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
442e4fc7-3da0-4211-a095-48b8c46976c3

Timeline

Publicly Published
2015-08-09 (about 10 years ago)
Added
2015-08-10 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-08-01
Title
WP Fast Total Search < 1.69.234 - Unauthenticated Stored Cross-Site Scripting
Published
2025-12-17
Title
DesignThemes Portfolio Addon <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-17
Title
Spider Facebook <= 1.0.15 - Reflected XSS
Published
2022-09-28
Title
Asset CleanUp: Page Speed Booster < 1.3.8.5 - Reflected Cross-Site Scripting
Published
2025-03-20
Title
Theme Demo Bar <= 1.6.3 - Reflected Cross-Site Scripting