The Delete Me plugin for WordPress, up to version 3.0, is vulnerable to a type of attack called Stored Cross-Site Scripting. This attack is able to inject web scripts into pages that will be executed by any user who visits the page. The vulnerable part of the plugin is the ‘plugin_delete_me’ shortcode, which does not display to administrators, so administrators are not at risk.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
