WordPress Plugin Vulnerabilities

amtyThumb posts 8.1.3 - Unauthenticated Cross-Site Scripting (XSS)

Description

Exploitation limited to Internet Explorer. Please refer to the references for further information.

Affects Plugins

Plugin icon
amty-thumb-recent-post
No known fix

References

CVE
CVE-2017-17059
URL
https://packetstormsecurity.com/files/#145044/
URL
https://github.com/NaturalIntelligence/wp-thumb-post/issues/1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
e8c34463-8490-48b3-9705-30d3e43eb390

Timeline

Publicly Published
2017-11-23 (about 8 years ago)
Added
2017-11-30 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-03-10
Title
weForms < 1.6.28 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API
Published
2025-03-24
Title
Hester <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-07-14
Title
ARMember Lite - Membership < 4.0.17 - Admin+ Stored XSS
Published
2025-02-24
Title
Table of Contents Block <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-18
Title
UltraEmbed – Advanced Iframe Plugin For WordPress with Gutenberg Block Included <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting