WordPress Plugin Vulnerabilities

SoundCloud Is Gold <= 2.3.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The SoundCloud Is Gold WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
soundcloud-is-gold
Fixed in 2.3.2

References

CVE
CVE-2015-9420
URL
http://cinu.pl/research/wp-plugins/mail_9acbc3ef2dd43bfb78b6b3dcf6c5ef01.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
451befec-18b8-4844-85c5-03c5c030f318

Timeline

Publicly Published
2015-08-26 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-07-03
Title
CareerUp < 2.3.1 - Unauthenticated Reflected Cross-Site Scripting
Published
2023-02-02
Title
Arigato Autoresponder and Newsletter < 2.1.7.2 - Contributor+ Stored XSS
Published
2017-06-06
Title
Event Calendar WD <= 1.0.93 - Authenticated Cross-Site Scripting (XSS)
Published
2025-05-19
Title
Back Button Widget < 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-05-01
Title
Brizy – Page Builder < 2.8.12 - Unauthenticated Stored Cross-Site Scripting via FileUpload Field Value