WordPress Plugin Vulnerabilities

WassUp Real Time Analytics <= 1.9 - Cross Site Scripting

Description

The WassUp Real Time Analytics WordPress plugin was affected by a Cross Site Scripting security vulnerability.

Affects Plugins

Plugin icon
wassup
Fixed in 1.9.1

References

CVE
CVE-2016-10919
URL
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_wassup_real_time_analytics_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
14a1304e-de6e-4a05-96ac-5ea292230b3a

Timeline

Publicly Published
2016-11-08 (about 7 years ago)
Added
2016-11-08 (about 7 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2014-08-01
Title
Elegant Grunge 1.0.3 - s Parameter XSS
Published
2021-05-24
Title
WP LMS < 1.1.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2023-11-23
Title
Import Spreadsheets from Microsoft Excel < 10.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2019-09-05
Title
WordPress 5.2.2 - Cross-Site Scripting (XSS) in Dashboard
Published
2023-03-11
Title
WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS