WordPress Plugin Vulnerabilities

Register IPs <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

Description

The Register IPs WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
register-ip-multisite
Fixed in 1.8.1

References

URL
https://plugins.trac.wordpress.org/changeset/2082813/register-ip-multisite

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
@juliobox
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
398d6655-ffee-4da6-9b62-1805b9fe3ee3

Timeline

Publicly Published
2019-05-14 (about 5 years ago)
Added
2019-05-14 (about 5 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2020-07-27
Title
Real Estate 7 < 3.0.4 - Unauthenticated Reflected XSS
Published
2023-01-10
Title
Page View Count < 2.6.1 - Contributor+ Stored XSS
Published
2023-08-07
Title
WP Categories Widget < 2.3 - Reflected XSS
Published
2014-08-01
Title
HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness
Published
2024-04-10
Title
WP Login and Logout Redirect < 2.0 - Authenticated (Admin+) Stored Cross-Site Scripting