Multiple Plugins from Puvox.software – Reflected Cross-Site Scripting | Plugin Vulnerabilities

Affects Plugins

wp-phpmyadmin-extension

Fixed in 5.2.0.4

modify-comment-fields

Fixed in 1.04

audio-video-download-buttons-for-youtube

Fixed in 1.04

post-type-modifier-simple

Fixed in 1.04

highlight-search-terms-results

Fixed in 1.04

images-asynchronous-load

Fixed in 1.06

redirect-by-cookie

Fixed in 1.07

widget-extend-builtin-query

Fixed in 1.06

debug-functions-time

Fixed in 1.41

automatic-pages-for-privacy-policy-terms-about-and-contact

Fixed in 1.42

all-custom-fields-groups

Fixed in 1.05

api-info-themes-plugins-wp-org

Fixed in 1.05

require-taxonomy-image-category-tag

Fixed in 1.27

wc-remove-tabs-and-fields

Fixed in 1.68

breadcrumbs-shortcode

Fixed in 1.45

external-url-as-post-featured-image-thumbnail

Fixed in 2.03

enable-wp-debug-from-admin-dashboard

Fixed in 1.86

add-hierarchy-parent-to-post

Fixed in 3.13

modify-profile-fields-dashboard-menu-buttons

Fixed in 1.04

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

7e949cf0-63d4-49b0-a81c-e778b3a2d837

Timeline

Publicly Published

2022-08-01 (about 3 years ago)

Added

2022-08-01 (about 3 years ago)

Last Updated

2022-08-01 (about 3 years ago)

Other

Published

Title

Published

2024-02-02

Title

Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2024-03-25

Title

Jetpack < 13.2.1 - Contributor+ Stored XSS

Published

2024-04-09

Title

Gutenberg 12.9.0 - 18.0.0 - Unauthenticated & Authenticated (Contributor+) Stored Cross-Site Scripting via Avatar Block

Published

2023-11-07

Title

Actueel Financieel Nieuws – Denk Internet Solutions < 6.0.0 - Admin+ Stored XSS

Published

2020-08-19

Title

Elegant Testimonial <= 1.1.6 - Multiple Authenticated Stored Cross-Site Scripting