WordPress Plugin Vulnerabilities

Ultimate Addons for Visual Composer < 3.16.12 - Authenticated XSS, CSRF, RCE

Description

The Ultimate_VC_Addons WordPress plugin was affected by Authenticated XSS, CSRF and RCE security vulnerabilities

Affects Plugins

Plugin icon
Ultimate_VC_Addons
Fixed in 3.16.12

References

URL
http://wphutte.com/ultimate-addons-for-visual-composer-v3-16-10-xss-csrf-rce/
URL
https://codecanyon.net/item/ultimate-addons-for-visual-composer/6892199

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.9 (critical)

Miscellaneous

Submitter
WpHutte
Submitter website
http://wphutte.com
Submitter twitter
@wphutte
Verified
No
WPVDB ID
69855e26-0ea8-4b57-804b-65afaeffed7f

Timeline

Publicly Published
2017-05-15 (about 7 years ago)
Added
2017-05-17 (about 7 years ago)
Last Updated
2021-02-16 (about 3 years ago)

Other

Published
Title
Published
2019-06-24
Title
Custom 404 Pro < 3.2.8 - XSS
Published
2014-08-01
Title
Photolio - VideoJS Cross-Site Scripting
Published
2023-04-19
Title
Help Desk WP <= 1.2.0 - Editor+ Stored XSS
Published
2023-12-27
Title
Product Code for WooCommerce < 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-11-28
Title
Popup Manager <= 1.6.6 - Unauthenticated Stored XSS