WordPress Plugin Vulnerabilities

Simple Fields <= 1.4.10 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The Simple Fields WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
simple-fields
Fixed in 1.4.11

References

CVE
CVE-2015-9302
URL
http://cinu.pl/research/wp-plugins/mail_f772dfc79e484bed050275b8a5d5b060.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b3f93663-c7e9-4ad0-9cb8-29fb3f7fe3f1

Timeline

Publicly Published
2015-08-25 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2020-12-12
Title
Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting
Published
2021-08-13
Title
Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting
Published
2024-06-26
Title
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce < 5.6.1- Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-12-21
Title
WP Attachments < 5.0.6 - Admin+ Stored XSS
Published
2026-01-06
Title
Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes