WordPress Plugin Vulnerabilities

Malware Finder <= 1.1 - Cross-Site Scripting (XSS)

Description

Plugin is still affected and has been closed.

Affects Plugins

Plugin icon
malware-finder
No known fix

References

CVE
CVE-2014-4538
URL
https://codevigilant.com/disclosure/wp-plugin-malware-finder-a3-cross-site-scripting-xss

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
af160de1-39e6-4459-b896-c927abdb762b

Timeline

Publicly Published
2014-05-28 (about 11 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-04-22 (about 6 years ago)

Other

Published
Title
Published
2025-01-16
Title
CGD Arrange Terms <= 1.1.3 - Reflected Cross-Site Scripting
Published
2025-06-18
Title
Smart Notification <= 10.3 - Reflected Cross-Site Scripting
Published
2025-10-10
Title
Blox Lite <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-11-10
Title
Magazine Companion < 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-12-12
Title
All-in-One Addons for Elementor – WidgetKit < 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets