Cross-Site Scripting in Quotes Collection Plugin by WordPress
CVE-2016-10952

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Quotes Collection
Vendor
CVE Published:
13 September 2019

What is CVE-2016-10952?

The Quotes Collection plugin for WordPress, prior to version 2.0.6, is susceptible to a Cross-Site Scripting (XSS) vulnerability through the wp-admin/admin.php?page=quotes-collection page parameter. An attacker could exploit this flaw to inject malicious scripts, potentially compromising user sessions and leading to unauthorized access or data theft. Users are advised to upgrade to the latest version to mitigate this risk.

References

https://wpvulndb.com/vulnerabilities/8649
x_refsource_MISC
https://wordpress.org/plugins/quotes-collection/#developers
x_refsource_MISC
https://sumofpwn.nl/advisory/2016/cross_site_scripting_vu...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-10952 : Cross-Site Scripting in Quotes Collection Plugin by WordPress