WordPress Plugin Vulnerabilities

Powie's WHOIS Domain Check < 0.9.33 - Authenticated Stored Cross-Site Scripting

Description

The plugin does not properly sanitise and encode user input when output back in its settings page, leading to authenticated (from high privileged users) stored Cross-Site Scripting (XSS) issues.

Affects Plugins

Plugin icon
powies-whois
Fixed in 0.9.33

References

Exploitdb
48656
URL
https://packetstormsecurity.com/files/#158378/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
mqt
Verified
Yes
WPVDB ID
8c8a8a35-a04f-429e-8843-8201eebab421

Timeline

Publicly Published
2020-07-09 (about 5 years ago)
Added
2020-07-10 (about 5 years ago)
Last Updated
2020-07-21 (about 5 years ago)

Other

Published
Title
Published
2025-10-14
Title
Digiseller < 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-16
Title
Mojo Under Construction <= 1.1.2 - Reflected Cross-Site Scripting
Published
2024-10-27
Title
tarteaucitron.js for WordPress < 0.3.0 - Author+ Stored XSS
Published
2020-06-03
Title
Careerfy < 3.9.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2012-05-15
Title
Leaflet <= 0.0.1 - Cross Site Scripting