WordPress Plugin Vulnerabilities

AddThis Sharing Buttons <= 5.0.12 - Authenticated Cross-Site Scripting (XSS)

Description

The WordPress Share Buttons Plugin – AddThis WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
addthis
Fixed in 5.0.13

References

CVE
CVE-2015-9439
URL
http://cinu.pl/research/wp-plugins/mail_86159238a0492a8c7d32678a61912372.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
fd71e11a-a086-49cf-aa17-0282d1d9ddfa

Timeline

Publicly Published
2015-08-11 (about 10 years ago)
Added
2015-11-22 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-04-26
Title
Popup4Phone <= 1.3.2 - Unauthenticated Stored XSS
Published
2024-12-02
Title
WordPress Auction Plugin <= 3.7 - Authenticated (Editor+) Stored Cross-Site Scripting
Published
2024-06-22
Title
if-so < 1.8.0.4 - Reflected XSS
Published
2022-07-27
Title
GS Testimonial Slider < 1.9.7 - Author+ Stored Cross-Site Scripting
Published
2025-01-16
Title
Easy Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting