WordPress Plugin Vulnerabilities

Wordfence 5.2.2 - XSS in Referer Header

Description

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a XSS in Referer Header security vulnerability.

Affects Plugins

Plugin icon
wordfence
Fixed in 5.2.3

References

URL
https://vexatioustendencies.com/wordpress-plugin-vulnerability-dump-part-2/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
514cc85e-b184-4673-8b7e-718b3eca0c4d

Timeline

Publicly Published
2014-12-01 (about 11 years ago)
Added
2014-12-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-04-25
Title
Advanced Post List <= 0.5.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-05-17
Title
Contact Form Plugin by Fluent Forms < 5.1.17 - Contributor+ Stored XSS
Published
2021-10-20
Title
Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting
Published
2018-03-08
Title
Activity Log <= 2.4.0 - Multiple Cross-Site Scripting (XSS)
Published
2025-04-24
Title
Blog Manager WP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting