WordPress Plugin Vulnerabilities

Adsense Click Fraud Monitoring <= 1.7.5 - XSS

Description

XSS via the phpwhois (https://github.com/phpWhois/phpWhois) component, which is also affected by a RCE apparently (https://github.com/phpWhois/phpWhois/issues/34).

It is unclear whether or not the issue has been fixed in the plugin.

Affects Plugins

Plugin icon
adsense-click-fraud-monitoring
No known fix

References

CVE
CVE-2015-3998

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
95ca88c4-46b3-4fa9-83d6-9f66f1ab4e04

Timeline

Publicly Published
2015-05-12 (about 11 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-04-22
Title
Sirv < 7.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-04-07
Title
LightPress Lightbox < 2.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute
Published
2024-11-08
Title
Trendy Restaurant Menu <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-09-22
Title
Wordfence 5.2.4 - IPTraf.php URI Request Stored XSS
Published
2025-01-16
Title
WpDevTool <= 0.1.1 - Reflected Cross-Site Scripting