WordPress Plugin Vulnerabilities

WP Favorite Posts <= 1.6.5 - Cross-Site Scripting (XSS)

Description

The WP Favorite Posts WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wp-favorite-posts
Fixed in 1.6.6

References

CVE
CVE-2016-1160
URL
https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000034.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
f0e1a028-0d12-4ad7-b734-73291f2d6b0e

Timeline

Publicly Published
2016-03-29 (about 10 years ago)
Added
2016-03-29 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-08
Title
NV Slider <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-06-06
Title
Envo Extra < 1.8.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget
Published
2020-06-03
Title
Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting
Published
2023-10-18
Title
Product Category Tree <= 2.5 - Reflected XSS
Published
2025-01-30
Title
HTML5 chat < 1.08 - Authenticated (Contributor+) Stored Cross-Site Scripting