ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Coming Soon plugin <=1.1.18 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Product
Coming Soon
Description
Multiple Cross-Site Scripting (XSS) vulnerabilities found d4wner in WordPress Coming Soon plugin (versions <=1.1.18).
Solution
Update the WordPress Coming Soon plugin to the latest available version (at least 1.1.19).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-5660, 2018-5661, 2018-5662, 2018-5663, 2018-5664, 2018-5665, 2018-5666, 2018-5657, 2018-5659
Versions
Affected In <=1.1.18
Fixed In 1.1.19
Disclosure date
2018-01-22
Credits
d4wner
Submitter
ThreatPress