WordPress Plugin Vulnerabilities

Shibboleth <= 1.7 - Cross-Site Scripting (XSS)

Description

The Shibboleth WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
shibboleth
Fixed in 1.8

References

CVE
CVE-2017-14313
URL
https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
URL
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874416

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fbfb7852-15ee-47fa-9425-211556dec748

Timeline

Publicly Published
2016-03-02 (about 10 years ago)
Added
2017-09-12 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-03-25
Title
Funnel Builder by CartFlows < 2.0.2 - Editor+ Stored XSS
Published
2017-09-12
Title
Pinfinity Theme < 2.0 - Reflected Cross-site Scripting (XSS)
Published
2021-08-04
Title
WP Customize Login <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2025-07-17
Title
Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter
Published
2026-04-10
Title
Optimole < 4.2.4 - Reflected Cross-Site Scripting via Page Profiler URL