WordPress Plugin Vulnerabilities

Soundy Background Music <= 3.9 - Cross-Site Scripting (XSS)

Description

The last time it was checked the plugin was still affected and had been closed.

Affects Plugins

Plugin icon
soundy-background-music
No known fix

References

CVE
CVE-2018-6002
URL
https://www.defensecode.com/advisories/DC-2018-01-001_WordPress_Soundy_Background_Music_Plugin_Advisory.pdf

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
2fb2a07a-6aa2-4a92-8609-8743f555450c

Timeline

Publicly Published
2018-01-18 (about 6 years ago)
Added
2019-08-23 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2022-01-06
Title
WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
Published
2022-12-29
Title
Top 10 < 3.2.3 - Contributor+ Stored XSS
Published
2023-10-23
Title
Reusable Text Blocks <= 1.5.3 - Author+ Stored Cross-Site Scripting via Shortcode
Published
2024-01-17
Title
Essential Addons for Elementor < 5.9.5 - Contributor+ Stored Cross-Site Scripting via Image URl
Published
2016-09-21
Title
W3 Total Cache < 0.9.5 - Authenticated Reflected Cross-Site Scripting (XSS)