CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed...

CVE-2022-1559

The Clipr WordPress plugin through 1.2.3 does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed...

WordPress plugin Clipr 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Cliprs plugin 1.2.3 and earlier versions have a cross-site scripting vulnerability that stems from ...

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed PoC Put the following payload in the API Key settings of the plugin: 'alert/XSS/...

Clipr <= 1.2.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its API Key settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfilteredhtml capability is disallowed Put the following payload in the API Key settings of the plugin: 'alert/XSS/ The XSS will be...

WordPress Clipr plugin <= 1.2.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Hassan Khan Yusufzai Splint3r7 in WordPress Clipr plugin versions = 1.2.3. Solution No patched version is available...