WordPress Plugin Vulnerabilities

Spreadsheet - /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS

Description

The dhtmlxspreadsheet WordPress plugin was affected by a /dhtmlxspreadsheet/codebase/spreadsheet.php page Parameter Reflected XSS security vulnerability.

Affects Plugins

Plugin icon
dhtmlxspreadsheet
No known fix

References

CVE
CVE-2013-6281
URL
https://packetstormsecurity.com/files/#123699/
URL
https://github.com/espreto/wpsploit/blob/master/modules/auxiliary/scanner/http/wp_spreadsheet_xss_scanner.rb

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
49785932-f4e0-4aaa-a86c-4017890227bf

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-22 (about 6 years ago)

Other

Published
Title
Published
2014-08-01
Title
Feedweb < 1.9 - Cross-Site Scripting (XSS)
Published
2026-04-21
Title
Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-05-28
Title
Bold Builder < 5.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter
Published
2025-09-14
Title
WPLMS <= 1.9.9.8 - Reflected Cross-Site Scripting
Published
2025-01-21
Title
Themify Builder < 7.6.6 - Reflected Cross-Site Scripting