WordPress Plugin Vulnerabilities

Fudousan < 5.7.2 - Authenticated Cross-Site Scripting (XSS)

Description

The plugin (which has the same slug for its free, Pro Single-User and Pro Multi-User versions) from the Nendeb vendor contains an authenticated Cross-Site Scripting issue

Affects Plugins

Plugin icon
fudou
Fixed in 5.7.2

References

CVE
CVE-2021-20749
URL
https://jvn.jp/en/jp/JVN93799513/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Yu Iwama of Secure Sky Technology Inc
Verified
No
WPVDB ID
cf952f03-efdc-49f8-b670-130a7d8fed9b

Timeline

Publicly Published
2021-06-22 (about 4 years ago)
Added
2021-06-22 (about 4 years ago)
Last Updated
2022-01-17 (about 4 years ago)

Other

Published
Title
Published
2025-01-16
Title
WP FixTag <= v2.0.2 - Reflected Cross-Site Scripting
Published
2024-09-25
Title
Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter
Published
2024-03-25
Title
StreamWeasels Twitch Integration < 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2016-04-12
Title
Easy Contact Form Builder <= 1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2026-04-21
Title
Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting