Lucene search
Benjamin LimPATCHSTACK:18C9157E2CC0BA316DC9FAFA3DBA5F0CHistorySep 06, 2017 - 12:00 a.m.
WordPress Participants Database plugin <=1.7.5.9 - Cross-Site Scripting (XSS) vulnerability
2017-09-0600:00:00
Benjamin Lim
patchstack.com
5
0.002 Low
EPSS
Percentile
61.4%
Cross-Site Scripting (XSS) vulnerability found by Benjamin Lim in WordPress Participants Database plugin version 1.7.5.9 and earlier versions. Data of the text input field of the plugin passed without escaping HTML special characters thus allows an attacker to insert javascript.
Solution
Update the WordPress Participants Database plugin to the latest available version (at least 1.7.5.10).
| CPE | Name | Operator | Version |
|---|---|---|---|
| participants database | le | 1.7.5.9 |
Related
nvd
nvd
CVE-2017-14126
2017-09-04 20:29:00
exploitpack
exploitpack
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting
2017-09-01 00:00:00
wpvulndb
wpvulndb
Participants Database <= 1.7.5.9 - Cross-Site Scripting
2017-09-06 00:00:00
cvelist
cvelist
CVE-2017-14126
2017-09-04 20:00:00
wpexploit
wpexploit
Participants Database <= 1.7.5.9 - Cross-Site Scripting
2017-09-06 00:00:00
prion
prion
Cross site scripting
2017-09-04 20:29:00
zdt
zdt
cve
cve
CVE-2017-14126
2017-09-04 20:29:00
exploitdb
exploitdb
WordPress Plugin Participants Database < 1.7.5.10 - Cross-Site Scripting
2017-09-01 00:00:00