WordPress Plugin Vulnerabilities

YAWPP <= 1.2.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The yawpp WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
yawpp
No known fix

References

CVE
CVE-2015-9391
URL
https://plugins.svn.wordpress.org/yawpp/tags/1.2.2/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9cf3791d-60cf-4de4-a197-23779a884cd9

Timeline

Publicly Published
2015-12-09 (about 10 years ago)
Added
2015-12-09 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-02-19
Title
Social Warfare < 4.5.6 - Contributor+ Stored XSS
Published
2026-01-24
Title
Save as PDF Plugin by PDFCrowd < 4.5.6 - Reflected Cross-Site Scripting via options
Published
2023-12-07
Title
Advanced Page Visit Counter <= 8.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-05
Title
SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster < 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
Published
2025-03-27
Title
Off-Canvas Sidebars & Menus (Slidebars) < 0.5.8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting