WordPress Plugin Vulnerabilities

WPGlobus <= 1.9.6 - Stored XSS & CSRF

Description

The WPGlobus – Multilingual Everything! WordPress plugin was affected by a Stored XSS & CSRF security vulnerability.

Affects Plugins

Plugin icon
wpglobus
Fixed in 1.9.7

References

CVE
CVE-2018-5361
CVE
CVE-2018-5362
CVE
CVE-2018-5363
CVE
CVE-2018-5364
CVE
CVE-2018-5365
CVE
CVE-2018-5366
CVE
CVE-2018-5367
URL
https://github.com/WPGlobus/WPGlobus/blob/master/CHANGELOG.md
URL
https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
3588a7fa-f2f4-4585-b017-d649be9d373d

Timeline

Publicly Published
2018-01-11 (about 6 years ago)
Added
2018-01-12 (about 6 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-05-10
Title
Order Your Posts Manually <= 2.2.5 - Admin+ SQLi
Published
2014-10-02
Title
WordPress Integrator 1.32 - Cross-Site Scripting (XSS)
Published
2022-05-27
Title
Easy Pricing Tables < 3.1.3 - Author+ Stored Cross-Site Scripting
Published
2014-08-01
Title
FlagEm - flagit.php cID Parameter XSS
Published
2021-11-15
Title
Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting