CVE-2013-2695
published 2014-03-28CVE-2013-2695: Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web…
PriorityP418medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.60%
72.8th percentile
Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpsymposiumpro | wp_symposium | <= 13.02 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
WP Symposium up to 13.1 invite.php cross site scripting (SA52864 / OSVDB-92275)
vuldb·2026-05-09·CVSS 4.3
CVE-2013-2695 [MEDIUM] WP Symposium up to 13.1 invite.php cross site scripting (SA52864 / OSVDB-92275)
A vulnerability has been found in WP Symposium up to 13.1 and classified as problematic. This affects an unknown function of the file invite.php. This manipulation causes cross site scripting.
This vulnerability is handled as CVE-2013-2695. The attack can be initiated remotely. There is not any exploit available.
The affected component should be upgraded.
GHSA
GHSA-q2r8-289v-7r2h: Cross-site scripting (XSS) vulnerability in invite
ghsa_unreviewed·2022-05-14
CVE-2013-2695 [MEDIUM] CWE-79 GHSA-q2r8-289v-7r2h: Cross-site scripting (XSS) vulnerability in invite
Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-28
Published