CVE-2013-6991

Wokamoto Wp-cron Dashboard < 1.1.5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.

References (3)

[Vendor Advisory] http://wordpress.org/support/topic/wp-cron-dashboard-115-security-vulnerability-notification-xss

[Exploit] https://www.htbridge.com/advisory/HTB23189

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/530536/100/0/threaded

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Details

CWE

CWE-79

Status published

Products (7)

wokamoto/wp-cron_dashboard < 1.1.5

wokamoto/wp-cron_dashboard

n/a/n/a

Published Jan 03, 2014

Tracked Since Feb 18, 2026