WordPress Plugin Vulnerabilities

OnePress Social Locker < 4.2.5 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The OnePress Social Locker WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
social-locker
Fixed in 4.2.5

References

CVE
CVE-2015-9425
URL
http://cinu.pl/research/wp-plugins/mail_9e26c6f71bf8467e4a5017b15d5acddc.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
7f2f260b-243e-4acd-bf1f-3c69a03f7b85

Timeline

Publicly Published
2015-08-25 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-13
Title
User Language Switch <= 1.6.10 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'tab_color_picker_language_switch' Parameter
Published
2025-01-16
Title
Annie <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-05-07
Title
Ultimate Member < 2.1.20 - Authenticated Reflected Cross-Site Scripting (XSS)
Published
2017-08-24
Title
BackupGuard < 1.1.47 - Authenticated Cross-Site Scripting (XSS)
Published
2023-11-15
Title
Daily Prayer Time < 2023.10.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode