WordPress Plugin Vulnerabilities

Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS

Description

The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.

Affects Plugins

Plugin icon
athlon-manage-calameo-publications
Fixed in 1.1.1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
83343eb3-bb4c-4b82-adf6-745882f872cc

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2015-05-15 (about 10 years ago)

Other

Published
Title
Published
2025-06-05
Title
Simple Nested Menu <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-10-25
Title
Download CloudNet360 <= 3.2.0 - Reflected Cross-Site Scripting
Published
2024-08-26
Title
WP Testimonial Widget <= 3.1 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2024-09-30
Title
Depicter Slider < 3.5.0 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2025-04-04
Title
Ecwid Shopping Cart < 7.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting