Launcher: Coming Soon & Maintenance Mode <= 1.0.10 – Multiple Stored XSS | CVE 2019-7411

Affects Plugins

Fixed in 1.0.11

References

CVE

CVE-2019-7411

URL

https://metamorfosec.com/Files/Advisories/METS-2019-002-Multiple_Stored_XSS_Vulnerabilities_in_the_MyThemeShop_Launcher_plugin_v1.0.8_for_WordPress.txt

URL

https://plugins.trac.wordpress.org/changeset/2028849/launcher

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Original Researcher

Metamorfosec

Submitter

Ryan Dewhurst

Submitter website

https://wpscan.io

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

77ce072b-15eb-42ea-8497-404586d8cc70

Timeline

Publicly Published

2019-02-16 (about 7 years ago)

Added

2019-05-14 (about 7 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-01-16

Title

Find Content IDs <= 1.0 - Reflected Cross-Site Scripting

Published

2024-07-16

Title

easy-table-of-contents < 2.0.68 - Editor+ Stored XSS

Published

2023-11-15

Title

BP Profile Shortcodes Extra < 2.5.3 - Contributor+ Stored XSS

Published

2024-04-04

Title

Elementor Addons, Widgets and Enhancements – Stax <= 1.4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-07-17

Title

MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS