WordPress Plugin Vulnerabilities

YITH Maintenance Mode < 1.2.0 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The YITH Maintenance Mode WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
yith-maintenance-mode
Fixed in 1.2.0

References

CVE
CVE-2015-9429
URL
http://cinu.pl/research/wp-plugins/mail_3a14a77571c73684103e0f517a92d757.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b613b18e-6c3b-4a7d-b6bd-a51d3ae6b37c

Timeline

Publicly Published
2015-08-21 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-02-08
Title
Data Tables Generator by Supsystic < 1.10.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2021-07-02
Title
Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS)
Published
2024-10-21
Title
Event Manager for WooCommerce < 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-01-19
Title
Shield Security < 13.0.6 - Admin+ Stored Cross-Site Scripting
Published
2022-05-30
Title
Print, PDF, Email by PrintFriendly < 5.2.3 - Admin+ Stored Cross-Site Scripting