WordPress Plugin Vulnerabilities

TypoFR <= 0.11 - Reflected Cross-Site Scripting

Description

The plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts

Affects Plugins

Plugin icon
typofr
No known fix

References

CVE
CVE-2021-34657
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-34657

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
p7e4
Verified
No
WPVDB ID
7dbb8af6-e352-4588-b61e-aea14e3d998b

Timeline

Publicly Published
2021-08-13 (about 2 years ago)
Added
2021-08-13 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2017-02-19
Title
Time Sheets < 1.5.2 - Multiple XSS
Published
2022-11-03
Title
Find and Replace All < 1.3 - Reflected Cross Site Scripting
Published
2015-08-17
Title
WordPress Gallery Plugin 1.0 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-01-27
Title
Material Design Icons for Page Builders < 1.4.3 - Contributor+ Stored XSS
Published
2023-11-23
Title
Fast Custom Social Share by CodeBard <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting