WordPress Plugin Vulnerabilities

WP Code Highlight.js <= 0.6.3 - Undisclosed Cross-Site Scripting (XSS)

Description

Undisclosed XSS issues are still affecting this plugin (which has been closed from the WP repository)

Affects Plugins

Plugin icon
wp-code-highlightjs
No known fix

References

URL
https://github.com/owt5008137/WP-Code-Highlight.js/issues/28#issuecomment-546673026

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Verified
No
WPVDB ID
73100c49-2755-4a12-b1a9-5b5e907b57d6

Timeline

Publicly Published
2019-10-29 (about 6 years ago)
Added
2020-07-13 (about 5 years ago)
Last Updated
2020-07-15 (about 5 years ago)

Other

Published
Title
Published
2025-09-22
Title
WP Mailto Links <= 3.1.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-02-08
Title
All 404 Pages Redirect to Homepage < 2.0 - Unauthenticated Stored Cross-Site Scripting
Published
2023-04-17
Title
Membership Database <= 1.0 - Reflected XSS
Published
2026-02-16
Title
Forminator Forms < 1.50.3 - Admin+ Stored XSS
Published
2014-08-01
Title
silverOrchid <= 1.5.0 - XSS