WordPress Plugin Vulnerabilities

WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)

Description

Reflected XSS in the file "admin/partials/wp-db-error-manager-login-display.php" in parameter "email" (query string)

Proof of Concept

Affects Plugins

Plugin icon
wp-database-error-manager
No known fix

References

URL
https://plugins.svn.wordpress.org/wp-database-error-manager/trunk/admin/partials/wp-db-error-manager-login-display.php

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Mr.F
Submitter
Mr.F
Verified
Yes
WPVDB ID
c285fbca-8cd4-45df-a25f-f49dd2d31af7

Timeline

Publicly Published
2020-11-14 (about 5 years ago)
Added
2021-03-02 (about 5 years ago)
Last Updated
2021-03-23 (about 5 years ago)

Other

Published
Title
Published
2026-03-03
Title
WPBookit < 1.0.9 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters
Published
2021-09-09
Title
RSVPMaker Excel <= 1.1 - Reflected Cross-Site Scripting
Published
2024-11-28
Title
Elementor Image Gallery Plugin < 1.0.6 - Contributor+ Stored XSS
Published
2025-12-12
Title
Kingcabs < 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
Published
2026-03-20
Title
Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes