WordPress Plugin Vulnerabilities

Ellipsis Human Presence Technology <= 2.0.8 - Unauthenticated Reflected Cross Site Scripting (XSS)

Description

The 'page' GET parameter of the inc/protected-forms-table.php file was affected by a reflected XSS vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
ellipsis-human-presence-technology
Fixed in 2.0.9

References

URL
https://packetstormsecurity.com/files/#154393/
URL
https://plugins.trac.wordpress.org/changeset/2155131/ellipsis-human-presence-technology

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Ricardo Sanchez
Verified
No
WPVDB ID
c0a138d8-93ac-463c-b650-d849352c0b44

Timeline

Publicly Published
2019-09-07 (about 6 years ago)
Added
2019-09-10 (about 6 years ago)
Last Updated
2020-02-13 (about 5 years ago)

Other

Published
Title
Published
2024-07-10
Title
WooCommerce Report < 1.5.0 - Reflected Cross-Site Scripting
Published
2025-01-29
Title
Clinked Client Portal < 1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-08
Title
AI ChatBot for WordPress – WPBot < 6.2.4 - Admin+ Stored XSS
Published
2025-08-07
Title
Visit Counter <= 1.0 - Reflected Cross-Site Scripting
Published
2023-09-05
Title
User Submitted Posts < 20230901 - Contributor+ Stored XSS via Shortcode