5 matches found
CVE-2021-24516
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfilteredhtml is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...
WordPress Plugin Pie Register Auth Bypass to RCE
This module uses an authentication bypass vulnerability in Wordpress Plugin Pie Register use exploit/unix/webapp/wppieregisterbypassrce msf exploitwppieregisterbypassrce show targets ...targets... msf exploitwppieregisterbypassrce set TARGET msf exploitwppieregisterbypassrce show options ...show...
CVE-2021-24516
creationtimestamp| type| source ---|---|--- 2021-10-18 18:32:18+00:00| seen| https://t.me/cibsecurity/30713...
CVE-2021-24516 PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting
The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even when the unfilteredhtml is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue...
CVE-2021-24516
CVE-2021-24516 affects PlanSo Forms for WordPress (