WordPress Plugin Vulnerabilities

WP eBay Product Feeds < 1.2 - Cross-Site Scripting via rss_url Parameter

Description

The WP eBay Product Feeds WordPress plugin was affected by a Cross-Site Scripting via rss_url Parameter security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
ebay-feeds-for-wordpress
Fixed in 1.2

References

CVE
CVE-2014-4525
URL
https://codevigilant.com/disclosure/wp-plugin-ebay-feeds-for-wordpress-a3-cross-site-scripting-xss/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
4ba10193-ae39-4b72-be04-30a542ce986a

Timeline

Publicly Published
2014-04-25 (about 12 years ago)
Added
2019-12-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-03-10
Title
GiveWP < 2.25.2 - Author+ Stored Cross-Site Scripting
Published
2024-11-07
Title
Logo Slider < 4.5.0 - Contributor+ Stored XSS
Published
2025-01-07
Title
Ultimate Image Hover Effects <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-07
Title
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.53 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-12-02
Title
Post Duplicator < 2.27 - Admin+ Stored Cross-Site Scripting