WordPress Plugin Vulnerabilities

WHIZZ <= 1.0.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The WHIZZ WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
whizz
Fixed in 1.0.8

References

CVE
CVE-2016-1000154
URL
http://www.vapidlabs.com/wp/wp_advisory.php?v=112
URL
https://www.openwall.com/lists/oss-security/2016/04/12/8

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
4738776b-02d0-48d5-9e29-acb379b11f26

Timeline

Publicly Published
2016-04-13 (about 9 years ago)
Added
2016-04-19 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-09-20
Title
Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting
Published
2025-12-04
Title
PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2021-08-30
Title
TranslatePress < 2.0.9 - Authenticated Stored Cross-Site Scripting
Published
2025-07-16
Title
JetSmartFilters < 3.6.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
felici - XSS