WordPress Plugin Vulnerabilities

Soundy Audio Playlist <= 4.6 - XSS

Description

Plugin is still affected and has been closed.

Affects Plugins

Plugin icon
soundy-audio-playlist
No known fix

References

CVE
CVE-2018-6001
URL
https://www.defensecode.com/advisories/DC-2018-01-002_WordPress_Soundy_Audio_Playlist_Plugin_Advisory.pdf

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
bbd8cb62-59b7-4999-9f28-12f879d3cc0b

Timeline

Publicly Published
2018-01-09 (about 6 years ago)
Added
2019-08-23 (about 4 years ago)
Last Updated
2020-09-22 (about 3 years ago)

Other

Published
Title
Published
2023-03-17
Title
WP Express Checkout < 2.2.9 - Admin+ Stored XSS
Published
2016-08-03
Title
Activity Log <= 2.3.2 - Cross-Site Scripting (XSS) in 'page'
Published
2024-03-25
Title
Testimonial Slider < 2.3.8 - Admin+ Stored Cross-Site Scripting
Published
2024-03-19
Title
Contests by Rewards Fuel < 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting via update_rewards_fuel_api_key
Published
2022-05-16
Title
WP Born Babies <= 1.0 - Contributor+ Stored Cross-Site Scripting