OptionTree <= 2.5.5 - Authenticated Cross-Site Scripting (XSS)

Affects Plugin

fixed in version 2.6.0

References

CVE 2016-10895
URL https://security.szurek.pl/optiontree-255-reflected-xss.html

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Kacper Szurek
Submitter Ryan Dewhurst
Submitter Website https://wpscan.io
Submitter Twitter ethicalhack3r
Views 7224
Verified No
WPVDB ID 9264

Timeline

Publicly Published 2016-02-10 (over 4 years ago)
Added 2019-04-30 (about 1 year ago)
Last Updated 2019-11-28 (6 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin