WordPress Plugin Vulnerabilities

Indieweb Post Kinds <= 1.3.1 - DOM Cross-Site Scripting (XSS)

Description

The Post Kinds WordPress plugin was affected by a DOM Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
indieweb-post-kinds
Fixed in 1.3.1.1

References

CVE
CVE-2015-9494
URL
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
URL
https://github.com/dshanske/indieweb-post-kinds

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
6e81108e-6a84-4ca6-b091-eb59a33dc025

Timeline

Publicly Published
2015-05-13 (about 11 years ago)
Added
2015-05-13 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-04-14
Title
Accordion < 2.2.9 - Unprotected AJAX Action to Stored/Reflected XSS
Published
2024-01-31
Title
Advanced iFrame < 2024.0 - Contributor+ Stored XSS
Published
2016-02-23
Title
WP Advanced Importer Plugin < 2.2 - Reflected Cross-Site Scripting (XSS)
Published
2025-09-17
Title
Quantities and Units for WooCommerce <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-03-20
Title
Bitcoin / AltCoin Payment Gateway for WooCommerce <= 1.7.6 - Reflected Cross-Site Scripting