WordPress Plugin Vulnerabilities

WP Rollback <= 1.2.2 - Cross-Site Scripting (XSS) & CSRF

Description

The WP Rollback WordPress plugin was affected by a Cross-Site Scripting (XSS) & CSRF security vulnerability.

Affects Plugins

Plugin icon
wp-rollback
Fixed in 1.2.3

References

CVE
CVE-2015-9343
CVE
CVE-2015-9342
URL
https://secupress.me/blog/wp-rollback-a-too-permissive-plugin/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ac2dee2f-ac7a-44eb-b4c8-17ae0e41ad67

Timeline

Publicly Published
2015-06-28 (about 10 years ago)
Added
2015-06-28 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-30
Title
Real Time Validation for Gravity Forms <= 1.7.0 - Reflected Cross-Site Scripting
Published
2024-04-25
Title
XStore < 9.3.9 - Reflected Cross-Site Scripting
Published
2022-01-18
Title
The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)
Published
2025-12-07
Title
Ultimate Review < 2.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-08-11
Title
ImageRecycle pdf & image compression < 3.1.12 - Reflected XSS