WordPress Plugin Vulnerabilities

CKEditor for WordPress <= 4.5.3 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The CKEditor for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
ckeditor-for-wordpress
Fixed in 4.5.3.1

References

CVE
CVE-2015-9349
URL
http://cinu.pl/research/wp-plugins/mail_671ea8cb1c6d71f59599643c90f2573c.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
d6076ee4-02cd-41f4-9b81-0eae36c70dd7

Timeline

Publicly Published
2015-08-31 (about 8 years ago)
Added
2015-11-22 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-11-28
Title
Molongui < 4.6.20 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-10-24
Title
Advanced Floating Content < 1.2.2 - Contributor+ XSS
Published
2022-11-22
Title
Responsive Lightbox2 < 1.0.4 - Contributor+ Stored XSS
Published
2023-05-22
Title
AI ChatBot < 4.5.5 - Admin+ Stored Cross-Site Scripting
Published
2024-03-19
Title
UX Flat <= 4.8 - Contributor+ Stored XSS