ThreatPress

WordPress Vulnerabilities Database

Back

WordPress JSmol2WP plugin <= 1.07 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Product
JSmol2WP
Description
Unauthenticated Cross-Site Scripting (XSS) vulnerability in WordPress JSmol2WP plugin (versions <= 1.07).
Solution
08.01.2019 - we were unable to find a patched version of this plugin. According to WordPess.org plugin repository, this plugin was closed on January 7, 2019 and is no longer available for download.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Vulnerability description
Plugin changelog
CVE
Name CVE-2018-20462
Versions
Affected In <= 1.07
Disclosure date
2019-01-08
Submitter
ThreatPress