12 matches found
Advance Post Prefix WordPress plugin - Reflected XSS
Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...
CVE-2024-12735
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...
CVE-2024-12734
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12734
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12735 Advance Post Prefix <= 1.1.1 - Admin+ SQL Injection
The Advance Post Prefix WordPress plugin through 1.1.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins and above to perform SQL injection attacks...
CVE-2024-12734
The CVE-2024-12734 entry covers the Advance Post Prefix WordPress plugin (versions through 1.1.1). Affected component: the plugin’s parameter output path where unsanitized/unescaped input is echoed back in the page, causing a Reflected Cross-Site Scripting (XSS) vulnerability. Root cause: imprope...
CVE-2024-12734 Advance Post Prefix <= 1.1.1 - Reflected XSS
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12734 Advance Post Prefix <= 1.1.1 - Reflected XSS
The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin Advance Post Prefix 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21438 · WordPress · Advance Post Prefix
Name of the Vulnerable Software and Affected Versions: Advance Post Prefix WordPress plugin versions 1.1.1 and earlier Description: The issue allows admins and above to perform SQL injection attacks due to a parameter not being sanitized and escaped before use in a SQL statement. Recommendations:...
WordPress plugin Advance Post Prefix 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21437
Name of the Vulnerable Software and Affected Versions Advance Post Prefix WordPress plugin versions through 1.1.1 Description The Advance Post Prefix WordPress plugin does not properly sanitize and escape a parameter before displaying it, resulting in a Reflected Cross-Site Scripting issue. This...