WordPress Plugin Vulnerabilities

Incoming Links <= 0.9.9b - referrers.php XSS

Description

The incoming-links WordPress plugin was affected by a referrers.php XSS security vulnerability.

Affects Plugins

Plugin icon
incoming-links
Fixed in 0.9.10b

References

CVE
CVE-2015-9472
URL
https://plugins.trac.wordpress.org/changeset/1080044/incoming-links

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
pvdl
Verified
No
WPVDB ID
a04904bc-0d15-49a4-854d-d9d7aa4e3e03

Timeline

Publicly Published
2015-02-01 (about 9 years ago)
Added
2015-05-31 (about 8 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-11-07
Title
WP Crowdfunding < 2.1.7 - Reflected XSS
Published
2014-08-01
Title
Codilight Premium 1.0.0 - admin/front-end/options.php reset Parameter XSS
Published
2024-04-30
Title
Ultimate Under Construction < 1.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2020-06-23
Title
WooCommerce < 4.2.1 - Potential Cross-Site Scripting (XSS) via SelectWoo
Published
2021-08-24
Title
Contact Form Entries < 1.2.1 - Reflected Cross-Site Scripting