WordPress Plugin Vulnerabilities

All In One WP Security & Firewall 4.1.4-4.1.9 - Authenticated Cross-Site Scripting (XSS)

Description

The All In One WP Security & Firewall WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
all-in-one-wp-security-and-firewall
Fixed in 4.2.0

References

CVE
CVE-2016-10866
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_all_in_one_wp_security___firewall_wordpress_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Nov/79

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
78a73195-65b5-4e9d-ba5d-b5390622af6e

Timeline

Publicly Published
2016-11-16 (about 9 years ago)
Added
2016-11-17 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-09-29
Title
Blog Filter <= 1.4 - Contributor+ Stored Cross-Site Scripting
Published
2023-05-30
Title
Woocommerce Order address Print <= 3.2 - Reflected XSS
Published
2023-09-11
Title
Socialdriver < 2024 - Prototype Pollution to XSS
Published
2018-07-28
Title
Woocommerce Jetpack < 3.8.0 - XSS
Published
2025-05-15
Title
Posts per Cat [Unmaintained] < 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting