WordPress Plugin Vulnerabilities

Ocim MP3 Plugin - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

Credits to :
Soufiane Boussali

Proof of Concept

Affects Plugins

Plugin icon
ocim-mp3
No known fix

References

CVE
CVE-2016-10998
URL
http://www.ocimscripts.com/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Othmane Tamagart
Submitter twitter
@0thm4n_WhiteHat
Verified
Yes
WPVDB ID
8d2ab3f0-691b-4552-b1e1-afd587302c19

Timeline

Publicly Published
2016-03-07 (about 10 years ago)
Added
2016-03-29 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-08-30
Title
breadcrumb simple <= 1.3 - Admin+ Stored XSS
Published
2015-04-20
Title
Jetpack 3.0-3.4.2 - Cross-Site Scripting (XSS)
Published
2016-07-13
Title
Profile Builder < 2.4.2 - Reflected Cross-Site Scripting (XSS)
Published
2026-04-08
Title
Download Manager < 3.3.53 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Published
2016-04-06
Title
Ultimate Member < 1.3.40 - Cross-Site Scripting (XSS)