WordPress Plugin Vulnerabilities

MDC Private Message <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The mdc-private-message WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
mdc-private-message
Fixed in 1.0.1

References

CVE
CVE-2015-6805
Exploitdb
37907

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
520d4c4b-c282-4b26-9ef5-3aadb533aed7

Timeline

Publicly Published
2015-08-22 (about 10 years ago)
Added
2015-08-22 (about 10 years ago)
Last Updated
2019-10-25 (about 6 years ago)

Other

Published
Title
Published
2025-04-16
Title
Logo Carousel Slider <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-05-03
Title
Breakdance < 1.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via custom postmeta
Published
2025-03-18
Title
ULTIMATE VIDEO GALLERY <= 1.4 - Reflected Cross-Site Scripting
Published
2025-01-09
Title
Orbit Fox by ThemeIsle < 2.10.44 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget
Published
2025-09-09
Title
ShopLentor < 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting