8 matches found
CVE-2024-6797
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6797
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6797
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6797 DL Robots.txt <= 1.2 - Admin+ Stored XSS
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6797 DL Robots.txt <= 1.2 - Admin+ Stored XSS
The DL Robots.txt WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6797
CVE-2024-6797 affects the DL Robots.txt WordPress plugin (versions ≤ 1.2). The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). ...
WordPress plugin DL Robots.txt 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress DL Robots.txt Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software DL Robots.txt Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6797 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4c6959146180 Credits Bob Matyas Required privilege...