WordPress Plugin Vulnerabilities

User Domain Whitelist <= 1.4 - Stored Cross-Site Scripting (XSS)

Description

The User Domain Whitelist WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
user-domain-whitelist
Fixed in 1.5

References

CVE
CVE-2014-10381
URL
https://advisories.dxw.com/advisories/xss-and-csrf-in-user-domain-whitelist-v1-4/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Mallory Adams
Verified
No
WPVDB ID
d0f80989-0a4a-42ed-8f6b-6b07977e6f78

Timeline

Publicly Published
2013-10-09 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-05
Title
Easy Login Styler – White Label Admin Login Page for WordPress <= 1.0.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-11-17
Title
Anthologize < 0.8.1 - Admin+ Stored XSS
Published
2023-06-09
Title
GD Mail Queue < 4.0 - Unauthenticated Stored Cross-Site Scripting
Published
2025-09-11
Title
WooCommerce Fortnox Integration < 4.5.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2018-07-28
Title
Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting (XSS)