WordPress Plugin Vulnerabilities

Easy Property Listings < 3.4 - Cross-Site Scripting (XSS)

Description

Changelog for 3.4 mentions:

- MAJOR Security Update Release. Important to update to the latest version to protect your website. Easy Property Listings has been reviewed and approved by the WordPress plugin team.
- This is a critical update to Easy Property Listings plugin that is focused on security enhancements. Update you site to this version.
- Fix: XSS security flaw.

Affects Plugins

Plugin icon
easy-property-listings
Fixed in 3.4

References

CVE
CVE-2019-15817
URL
https://plugins.trac.wordpress.org/changeset?new=2140896%40easy-property-listings&old=2138850%40easy-property-listings

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
69393cc5-a4ad-40e8-96a4-e05e36a0399f

Timeline

Publicly Published
2019-08-17 (about 6 years ago)
Added
2019-08-18 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-08-06
Title
Highlight < 0.9.3 - Authenticated Stored Cross-Site Scripting
Published
2024-12-23
Title
WP Datepicker < 2.1.5 - Reflected Cross-Site Scripting
Published
2024-03-12
Title
WP Go Maps (formerly WP Google Maps) < 9.0.33 - Contributor+ Stored Cross-Site Scripting via Shortcode
Published
2024-11-21
Title
Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-24
Title
Responsive Lightbox & Gallery < 2.5.1 - Contributor+ Stored XSS