Download WordPress Firewall 2 – Authenticated Stored XSS/CSRF

Affects Plugins

No known fix

References

URL

https://advisories.dxw.com/advisories/csrfstored-xss-in-wordpress-firewall-2-allows-unauthenticated-attackers-to-do-almost-anything-an-admin-can/

URL

https://seclists.org/fulldisclosure/2017/Apr/29

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

b282738b-c661-4d57-afdf-87358cd4b1d2

Timeline

Publicly Published

2017-04-05 (about 9 years ago)

Added

2017-04-06 (about 9 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2017-07-25

Title

Weblibrarian < 3.4.8.7 - XSS

Published

2024-06-26

Title

Gutenberg Blocks with AI by Kadence WP – Page Builder Features < 3.2.43 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget

Published

2025-04-24

Title

Blog Manager WP <= 1.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-10-21

Title

WPKoi Templates for Elementor < 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-04-25

Title

WooCommerce Amazon Affiliates < 14.1.0 - Reflected Cross-Site Scripting