WordPress Plugin Vulnerabilities

Wordfence <= 5.1.4 - Cross-Site Scripting (XSS)

Description

An attacker can inject arbitrary script via the vulnerable query string parameter val of the whois.php file.

Affects Plugins

Plugin icon
wordfence
Fixed in 5.1.5

References

CVE
CVE-2014-4932

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
nikhil
Submitter twitter
niksthehacker
Verified
No
WPVDB ID
cc0457e1-0d4a-413a-89a5-330a4a96d1bd

Timeline

Publicly Published
2014-12-08 (about 8 years ago)
Added
2014-12-08 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2022-12-21
Title
Click to Chat < 3.18.1 - Contributor+ Stored XSS
Published
2022-03-07
Title
Menu Image, Icons made easy < 3.0.8 - Subscriber+ Stored Cross-Site Scripting
Published
2014-06-12
Title
Video Comments Webcam Recorder <= 1.55 - Unauthenticated Reflected XSS
Published
2023-02-23
Title
CPT - Speakers <= 1.1 - Admin+ Stored XSS
Published
2015-11-23
Title
My Link Order <= 4.3 - Authenticated Cross-Site Scripting (XSS)