ThreatPress

WordPress Vulnerability Database

Back

WordPress Custom Global Variables plugin <= 1.0.5 - Stored Cross-Site Scripting (XSS) vulnerability

Product
Custom Global Variables
Description
Stored Cross-Site Scripting (XSS) vulnerability found by Swapnil Subhash Bodekar in WordPress Custom Global Variables plugin (versions <= 1.0.5).
Solution
2021-01-11 - we couldn't find a patched version of this plugin. The last version was released two years ago, and the plugin is poorly maintained, so we recommend you deactivate and uninstall it until the patched version will be available.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
Vulnerability details
CVE
Name CVE-N/A
Versions
Affected In <= 1.0.5
Disclosure date
2021-01-11
Credits
Swapnil Subhash Bodekar