9 matches found
CVE-2024-6718
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6713 PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6718
The CVE-2024-6718 entry concerns the PVN Auth Popup WordPress plugin (versions
PT-2025-21493 · WordPress · Pvn Auth Popup
Name of the Vulnerable Software and Affected Versions: PVN Auth Popup WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the PVN Auth Popup WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...
WordPress plugin PVN Auth Popup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin PVN Auth Popup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress PVN Auth Popup 1.0.0 Cross Site Scripting Vulnerability
Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable...
WordPress PVN Auth Popup 1.0.0 Cross Site Scripting
Exploit Title: PVN Auth Popup alert1 for the "Login text" input 3. Save and see the XSS Note: Other fields are likely vulnerable Reference: https://wpscan.com/vulnerability/24685b19-0a44-411a-9e1b-d4d0627d7cb6/...