WordPress Plugin Vulnerabilities

Content Cards <= 0.9.6 - Cross-Site Scripting (XSS)

Description

The Content Cards WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
content-cards
Fixed in 0.9.7

References

CVE
CVE-2017-17096
URL
https://plugins.trac.wordpress.org/changeset/1759263/content-cards

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
710db7c5-4a4a-450d-806d-e4ae7ebfef00

Timeline

Publicly Published
2017-11-06 (about 8 years ago)
Added
2017-12-04 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-01-30
Title
WPRadio – WordPress Radio Streaming Plugin < 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-06-25
Title
WP Masonry & Infinite Scroll < 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-01
Title
Oracle Cards Lite < 1.2.2 - Reflected Cross-Site Scripting
Published
2021-05-17
Title
Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS
Published
2024-03-22
Title
SEOPress – On-site SEO < 7.6 - Author+ Stored Cross-Site Scripting