WordPress Plugin Vulnerabilities

Magic Fields <= 1.7.1 - Authenticated Cross-Site Scripting (XSS)

Description

The magic-fields WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
magic-fields
Fixed in 1.7.2

References

CVE
CVE-2017-18609
CVE
CVE-2017-18610
CVE
CVE-2017-18611
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_magic_fields_1_wordpress_plugin.html
URL
https://github.com/hunk/Magic-Fields/releases/tag/1.7.2
URL
https://seclists.org/bugtraq/2017/Mar/6

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
98ae1ad9-c0f6-4e66-a754-f4d1bfebcf66

Timeline

Publicly Published
2017-03-01 (about 9 years ago)
Added
2017-03-03 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-12-02
Title
CSS Hero < 4.07 - Authenticated Reflected XSS
Published
2024-04-26
Title
Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
Published
2023-09-27
Title
Magic Action Box <= 2.17.2 - Contributor+ Stored XSS
Published
2023-02-15
Title
WordPress Social Login and Register < 7.5.15 - Multiple CSRF
Published
2025-02-27
Title
Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting