WordPress 插件跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Premium Addons for Elementor Plugin versions prior to 4.2.8. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

WordPress 插件跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress WooLentorCWooCommerce Elementor Addons+Builder versions prior to 1.8.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

WordPress Plus Addonsfor Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress The Plus Addons for Elementor Page Builder Lite Plugin versions prior to 2.0.6. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

WordPress All-in-One Addons for Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress All-in-One Addons for ElementorCWidgetKit Plugin versions prior to 2.3.10. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

WordPress Clever Addons for Elementor 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Clever Addons for Elementor Plugin versions prior to 2.10.0. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

WordPress Essential Addons for Elementor Lite 跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Essential Addons for Elementor Lite Plugin versions prior to 4.5.4. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

Elementor 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in versions prior to...

WordPress 插件跨站脚本漏洞

WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Elementor Addons-PowerPack Addons for Elementor plugin versions prior to 2.3.2. An attacker can exploit this vulnerability to launch a cross-site scripting attack...

Elementor 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in WordPress HT Mega...

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.33 and fixes at least the following security issues: A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If...

Happy Addons for Elementor Free < 2.24.0 and Pro < 1.17.0 - Contributor+ Stored XSS

The plugins have a number of widgets that are vulnerable to stored Cross-Site ScriptingXSS by lower-privileged users such as contributors, all via a similar method: The “Card” widget accepts a “titletag” parameter. Although the element control lists a fixed set of possible html tags, it is possib...

BlackCat CMS 1.3.6 - (Multiple) Stored Cross-Site Scripting (XSS) Vulnerability

Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting XSS Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in...

BlackCat CMS 1.3.6 - &#039;Multiple&#039; Stored Cross-Site Scripting (XSS)

Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting XSS Date: 04/07/2021 Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://blackcat-cms.org/ Software Link: https://blackcat-cms.org/page/download.php Version: BlackCat CMS - 1.3.6 Step 1 : Login to admin account in...

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

Kaswara Modern VC Addons (0-day) - Unauthenticated Arbitrary File Upload

The plugin allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP. The vendor has been unresponsive to both the reporter and Envato,...

WordPress Clever Addons for Elementor plugin <= 2.0.15 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Ramuel Gall Wordfence in WordPress Clever Addons for Elementor plugin versions = 2.0.15. Solution Update the WordPress Clever Addons for Elementor plugin to the latest available version at least 2.1.0...

WordPress Ultimate Addons for Elementor premium plugin <= 1.29.2 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress Ultimate Addons for Elementor premium plugin versions = 1.29.2. Solution Update the WordPress Ultimate Addons for Elementor premium plugin to the latest available version at least 1.30.0...

WordPress Livemesh Addons for Elementor plugin <= 6.7.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress Livemesh Addons for Elementor plugin versions = 6.7.1. Solution Update the WordPress Livemesh Addons for Elementor plugin to the latest available version at least 6.8...

WordPress Premium Addons for Elementor plugin <= 4.2.7 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress Premium Addons for Elementor plugin versions = 4.2.7. Solution Update the WordPress Premium Addons for Elementor plugin to the latest available version at least 4.2.8...

WordPress PowerPack Addons for Elementor plugin <= 2.3.1 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities

Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities discovered by WordFence in WordPress PowerPack Addons for Elementor plugin versions = 2.3.1. Solution Update the WordPress PowerPack Addons for Elementor plugin to the latest available version at least 2.3.2...