48 matches found
WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Rayhan Ramdhany Hanaputra Patchstack Alliance in WordPress Plugin Sticky banner versions = 1.2.0...
CVE-2024-34429 WordPress Simple Website Banner plugin <= 1.8.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data allows Stored XSS.This issue affects Corona Virus COVID-19 Banner & Live Data: from n/a through 1.8.0.2...
WordPress Simple Website Banner plugin <= 1.8.0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Rayhan Ramdhany Hanaputra Patchstack Alliance in WordPress Plugin Corona Virus COVID-19 Banner & Live Data versions = 1.8.0.3...
The vulnerability of the JKit component – the Banner plugin of the Jeg Elementor Kit, a content management system for WordPress – allows attackers to perform cross-site scripting attacks.
The vulnerability of the JKit component – a banner plugin for Elementor Kit within the WordPress content management system – is related to the lack of protective measures for website page structures. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks remotely...
CVE-2023-28930
Cross-Site Request Forgery CSRF vulnerability in Robin Phillips Mobile Banner plugin = 1.5 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Robin Phillips Mobile Banner plugin = 1.5 versions...
CVE-2023-28930
CVE-2023-28930 is a CSRF vulnerability in the WordPress Mobile Banner plugin, affecting versions ≤ 1.5. The issue allows unauthenticated users to trigger plugin settings changes. Patch status: fixed in version 1.6. Reduction in impact notes that exploitation is unlikely; CVSS/impact reports from ...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin = 1.1.3 versions...
CVE-2023-33315
Cross-Site Request Forgery CSRF vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin = 1.1.2 versions...
CVE-2023-33315
The CVE-2023-33315 entry describes a CSRF vulnerability in the WordPress Smart App Banner plugin (versions
CVE-2022-2515
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...
CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...
CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...
CVE-2022-0446
The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin Simple Banner 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...
Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...
Simple Banner < 2.12.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings proversionactivationcode settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-13038 · WordPress · Random Banner
Name of the Vulnerable Software and Affected Versions: Random Banner WordPress plugin versions up to and including 4.1.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file. This allow...
CVE-2021-24574
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed...