WordPress Plugin Vulnerabilities

Wp-D3 <= 2.4 - Cross-Site Request Forgery (CSRF)

Description

The Wp-D3 WordPress plugin was affected by a Cross-Site Request Forgery (CSRF) security vulnerability.

Affects Plugins

Plugin icon
wp-d3
Fixed in 2.4.1

References

CVE
CVE-2016-10946
URL
https://plugins.trac.wordpress.org/changeset/1537194/wp-d3
URL
https://twitter.com/klikkioy/status/800750988437188608

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
93854d16-17eb-4d29-b10f-36181af19a39

Timeline

Publicly Published
2016-11-21 (about 9 years ago)
Added
2016-11-22 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-03-16
Title
SMTP2GO < 1.5.0 - Admin+ Stored XSS
Published
2023-09-06
Title
User Submitted Posts < 20230902 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-08-01
Title
Eventin < 4.0.6 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2019-11-17
Title
Sassy Social Share <= 3.3.3 - Cross-Site Scripting (XSS)
Published
2025-01-16
Title
Data Dash <= 1.2.3 - Reflected Cross-Site Scripting