WordPress Plugin Vulnerabilities

Crazy Bone < 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The Crazy Bone WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
crazy-bone
Fixed in 0.6.0

References

CVE
CVE-2015-9430
URL
http://cinu.pl/research/wp-plugins/mail_e22c10161b1e2e4e54facf2d17e723c3.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fbf9902c-f2f5-4c22-8b36-b04e224b5618

Timeline

Publicly Published
2015-08-21 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2015-01-10
Title
Greg's High Performance SEO 1.6.1 - Reflected XSS
Published
2024-12-11
Title
Radius Blocks < 2.2.0 - Contributor+ Stored XSS
Published
2024-11-25
Title
Elementor Website Builder < 3.25.8 - Contributor+ Stored XSS
Published
2025-01-30
Title
Ai Image Alt Text Generator for WP < 1.0.7 - Reflected Cross-Site Scripting
Published
2025-04-01
Title
Front End Users < 3.2.33 - Reflected XSS