WordPress Plugin Vulnerabilities

pondol-carousel 1.0 - Cross-Site Scripting (XSS)

Description

The pondol-carousel WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
pondol-carousel
No known fix

References

CVE
CVE-2016-1000145
URL
https://www.openwall.com/lists/oss-security/2016/05/11/12
URL
http://www.vapidlabs.com/wp/wp_advisory.php?v=524

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
fe469d59-b665-48c5-8283-c671a96e7d6d

Timeline

Publicly Published
2016-05-11 (about 10 years ago)
Added
2016-05-11 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-05
Title
WPBakery Page Builder for WordPress < 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-04
Title
FunnelCockpit < 1.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-05-13
Title
FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS
Published
2024-10-10
Title
Powerpress < 11.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode
Published
2026-05-11
Title
scratchblocks for WP <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute