WP ULike <= 3.1 – Unauthenticated Stored XSS | Plugin Vulnerabilities

Affects Plugins

Fixed in 3.2

References

URL

https://advisories.dxw.com/advisories/stored-xss-wp-ulike/

URL

https://plugins.trac.wordpress.org/changeset/1863114/wp-ulike

URL

https://seclists.org/fulldisclosure/2018/May/33

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

Ryan

Submitter twitter

Verified

No

WPVDB ID

df05cba2-a8d1-422b-aeb2-e24c6a28400d

Timeline

Publicly Published

2018-05-14 (about 7 years ago)

Added

2018-05-15 (about 7 years ago)

Last Updated

2019-11-01 (about 6 years ago)

Other

Published

Title

Published

2021-10-11

Title

WP Header Images < 2.0.1 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

Google Org Chart <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-09-05

Title

WP Publication Archive <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2015-08-24

Title

Easy Coming Soon <= 1.8.1 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2026-04-22

Title

WP Store Locator < 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta