EUVD-2023-12913

Malicious code in bioql PyPI...

WordPress Custom Permalinks plugin <= 2.6.0 - Authenticated(Editor+) Stored Cross-Site Scripting vulnerability

AuthenticatedEditor+ Stored Cross-Site Scripting vulnerability discovered by Ram in WordPress Plugin Custom Permalinks versions = 2.6.0...

WordPress Custom Permalinks Plugin <= 2.6.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom Permalinks Type Plugin Vulnerable versions = 2.6.0 Fixed in 2.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0926 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 85e376d90fe6 Credits Ram Required privilege...

CVE-2023-0926

The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary we...

CVE-2023-0926

The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.6.0 due to insufficient input sanitization and output escaping on tag names. This allows authenticated users, with editor-level permissions or greater to inject arbitrary we...

CVE-2023-0926

CVE-2023-0926 describes a Stored XSS vulnerability in the WordPress plugin Custom Permalinks . Affected versions are

PT-2024-11930 · WordPress · Custom Permalinks

Name of the Vulnerable Software and Affected Versions: Custom Permalinks plugin for WordPress versions up to and including 2.6.0 Description: The issue is related to insufficient input sanitization and output escaping on tag names, allowing authenticated users with editor-level permissions or...

WordPress plugin Custom Permalinks 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

WordPress Custom Permalinks plugin <=1.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found in WordPress Custom Permalinks plugin versions =1.1. Solution Update the WordPress Custom Permalinks plugin to the latest available version at least 1.2...

WordPress Custom Permalinks plugin <=1.1 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability found in WordPress Custom Permalinks plugin versions =1.1. Solution Update the WordPress Custom Permalinks plugin to the latest available version at least 1.2...

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete&permalinks=1 PAYLOAD -- "...

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks&s=alert1...

Custom Permalinks <= 1.1 - Authenticated SQL Injection

Missing checking of user controllable input during Bulk Action in the Custom Permalinks backend page leads to SQL injection vulnerability. PoC Send authenticated POST request to "URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks" with parameters "action=delete=1 PAYLOAD -- "...

Custom Permalinks <= 1.1 - Cross-Site Scripting (XSS)

User controllable input in the admin page of Custom Permalinks gets output without any escaping. PoC URL/wp-admin/admin.php?page=custom-permalinks-post-permalinks=...