ThreatPress

WordPress Vulnerabilities Database

Back

WordPress WD Instagram Feed plugin 1.3.0 — Cross-Site Scripting (XSS) vulnerabilities

Product
WD Instagram Feed
Description
Cross-Site Scripting (XSS) vulnerabilities found by Karan Saini in WordPress WD Instagram Feed plugin (version 1.3.0).
Solution
Update the WordPress WD Instagram Feed plugin to the latest available version (at least 1.3.1).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-2018-10300, 2018-10301
Versions
Affected In 1.3.0
Fixed In 1.3.1
Disclosure date
2018-04-29
Credits
Karan Saini
Submitter
ThreatPress