WordPress Plugin Vulnerabilities

GoCodes <= 1.3.5 - Authenticated XSS & Blind SQL Injection

Description

The gocodes WordPress plugin was affected by an Authenticated XSS & Blind SQL Injection security vulnerability.

Affects Plugins

Plugin icon
gocodes
No known fix

References

CVE
CVE-2015-9398
CVE
CVE-2015-9397
URL
http://cinu.pl/research/wp-plugins/mail_7ab7e224de198b2eda11dcb072d6bc8d.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9a0d434d-c1b2-47d1-8a12-502b85b6b5d1

Timeline

Publicly Published
2015-11-24 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress 3.3.1 - Multiple Vulnerabilities including XSS & Privilege Escalation
Published
2020-01-09
Title
TownHub < 1.0.6 - Multiple Vulnerabilities
Published
2015-05-02
Title
Ad Inserter 1.5.2 - CSRF & XSS
Published
2020-01-17
Title
Marketo Forms and Tracking <= 1.0.2 - CSRF to XSS
Published
2019-06-09
Title
Download Manager <= 2.9.96 - Various Sanitisation Issues