bbPress <= 2.5.9 – Display Name & Avatar Potential Cross-Site Scripting (XSS)

Affects Plugins

bbpress

Fixed in 2.5.10

References

URL

https://wptavern.com/bbpress-2-5-10-patches-security-vulnerability

URL

https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/

URL

https://plugins.trac.wordpress.org/changeset/1454184/bbpress

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

53de59c4-82d4-4e51-ba74-9a905dc1b89d

Timeline

Publicly Published

2016-07-13 (about 9 years ago)

Added

2016-07-14 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2024-11-06

Title

Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider < 3.15.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget

Published

2025-01-16

Title

Custom Page Extensions <= 0.6 - Reflected Cross-Site Scripting

Published

2022-12-20

Title

WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS

Published

2024-11-04

Title

Team Showcase and Slider – Team Members Builder <= 1.3 - Reflected Cross-Site Scripting

Published

2024-12-11

Title

Staggs Product Configurator for WooCommerce < 2.1.0 - Reflected Cross-Site Scripting