Raygun4WP <= 1.8.0 – Unauthenticated Reflected XSS | CVE 2017-9288

Affects Plugins

raygun4wp

Fixed in 1.8.1

References

CVE

CVE-2017-9288

URL

http://jgj212.blogspot.fr/2017/05/a-reflected-xss-vulnerability-in.html

URL

https://github.com/MindscapeHQ/raygun4wordpress/issues/16

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.1 (medium)

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

f84e9b9a-80c7-4116-9117-ebf010ac0f16

Timeline

Publicly Published

2017-02-07 (about 9 years ago)

Added

2017-05-30 (about 8 years ago)

Last Updated

2020-09-22 (about 5 years ago)

Other

Published

Title

Published

2025-03-24

Title

StoreBiz <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-10-11

Title

Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting

Published

2014-08-01

Title

Gallery Bank 2.0.19 - edit-album.php album_id Parameter Reflected XSS

Published

2014-08-01

Title

Repagent - dewplayer-vinyl.swf xml Parameter XML File H&ling XSS

Published

2025-06-18

Title

Echo RSS Feed Post Generator < 5.4.9 - Reflected Cross-Site Scripting