WordPress Plugin Vulnerabilities

Stop User Enumeration 1.3.5-1.3.7 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The Stop User Enumeration WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
stop-user-enumeration
Fixed in 1.3.8

References

CVE
CVE-2017-18536
URL
https://plugins.trac.wordpress.org/changeset/1575129/stop-user-enumeration

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Zee Shan
Submitter twitter
@z33_5h4n
Verified
No
WPVDB ID
956cc5fd-af06-43ac-aa85-46b468c73501

Timeline

Publicly Published
2017-01-15 (about 9 years ago)
Added
2017-01-17 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-08-22
Title
Tutor LMS < 2.0.9 - Reflected Cross-Site Scripting
Published
2021-03-17
Title
Elementor < 3.1.4 - Authenticated Stored Cross-Site Scripting (XSS) in Icon Box Widget
Published
2024-11-08
Title
Advanced Video Player with Analytics <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-07-24
Title
Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)
Published
2021-07-23
Title
Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)