3 matches found
WordPress WPvivid Backup and Migration plugin任意文件读取漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WPvivid Backup and Migration plugin version 0.9.70 and previous versions contain an arbitrary file read vulnerability. An...
CVE-2021-24574
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed...
CVE-2021-24574
CVE-2021-24574 affects the WordPress Simple Banner plugin, prior to version 2.10.4. Affected component: a setting that is not sanitized/escaped, enabling authenticated users (e.g., admins) to inject a Cross-Site Scripting payload. Root cause per the documents: lack of proper sanitization/escaping...