WordPress Plugin Vulnerabilities

Dsidxpress < 2.1.1 - XSS

Description

Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Affects Plugins

Plugin icon
dsidxpress
Fixed in 2.1.1

References

CVE
CVE-2014-4521
URL
https://codevigilant.com/disclosure/wp-plugin-dsidxpress-a3-cross-site-scripting-xss

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
e81f2453-3bd4-4cec-87e3-a3ad0b23a147

Timeline

Publicly Published
2014-04-25 (about 12 years ago)
Added
2019-08-21 (about 6 years ago)
Last Updated
2019-11-27 (about 6 years ago)

Other

Published
Title
Published
2024-11-08
Title
pdf.js < 2.0.943 - Authenticated (Author+) Stored Cross-Site Scripting
Published
2025-01-14
Title
SetMore Theme – Custom Post Types <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-11-22
Title
Memberlite Shortcodes < 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via memberlite_accordion Shortcode
Published
2014-08-01
Title
geshi-source-colorer <= 0.13 - XSS in ZeroClipboard
Published
2026-04-07
Title
Investi < 1.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'maximum-num-years' Shortcode Attribute