WordPress Plugin Vulnerabilities

Open Graph for Facebook, Google+ and Twitter Card Tags <= 2.2.4.1 - Unauthenticated Cross-Site Scripting (XSS)

Description

The Open Graph and Twitter Card Tags WordPress plugin was affected by an Unauthenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
wonderm00ns-simple-facebook-open-graph-tags
Fixed in 2.2.4.2

References

URL
https://plugins.trac.wordpress.org/browser/wonderm00ns-simple-facebook-open-graph-tags/trunk/fbimg.php?rev=1899976
URL
https://plugins.trac.wordpress.org/changeset/1899975/wonderm00ns-simple-facebook-open-graph-tags

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Thomas Chauchefoin
Verified
No
WPVDB ID
891309bc-6353-4a91-bcfe-4864df258913

Timeline

Publicly Published
2018-06-27 (about 7 years ago)
Added
2018-07-04 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2025-04-01
Title
SMM API <= 6.0.31 - Unauthenticated Stored Cross-Site Scripting
Published
2014-08-01
Title
all_in_one_carousel 1.2.20 - /tpl/add_carousel.php id Parameter Reflected XSS
Published
2024-12-17
Title
Simple Proxy <= 1.0 - Reflected Cross-Site Scripting
Published
2024-05-22
Title
Arforms < 6.4.1 - Reflected XSS
Published
2023-09-22
Title
Copy Anything to Clipboard < 2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode