WordPress Plugin Vulnerabilities
Multiple Plugins - jQuery prettyPhoto DOM Cross-Site Scripting (XSS)
Description
The jQuery prettyPhoto library bundled with many plugins was found to be vulnerable to DOM Cross-Site Scripting (XSS).
Proof of Concept
Affects Plugins
Fixed in 1.2.7.5
Fixed in 2.0.227 
No known fix
Fixed in 2.1.3
Fixed in 2.1.7
Fixed in 5.4
No known fix
Fixed in 4.6.1
Fixed in 3.0.229
Fixed in 3.3
Fixed in 1.1.7
Fixed in 1.1
Fixed in 2.0.0
No known fix
No known fix
No known fix
Fixed in 0.0.8
No known fix
Fixed in 6.6
Fixed in 7.5
Fixed in 3.1.5
No known fix
Fixed in 1.4.12
Fixed in 0.4.17
Fixed in 5.5
No known fix
Fixed in 2.5.2
No known fix
Fixed in 4.1.1
No known fix
Fixed in 2.11.8.18
Fixed in 1.2.0
Fixed in 1.7.5 References
Classification
Type
XSS
OWASP top 10
CWE
Miscellaneous
Submitter
ethicalhack3r
Submitter twitter
Verified
No
WPVDB ID
Timeline
Publicly Published
2015-05-14 (about 10 years ago)
Added
2015-05-14 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)
WPScan 