22 matches found
EUVD-2021-11458
Malware in sbrugna...
WordPress Plugin EditorsKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
CVE-2024-2794
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-2794
The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
CVE-2024-2794
CVE-2024-2794 – The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘editorskit’ shortcode in all versions up to and including 1.40.4. The Red Hat CVE entry confirms the issue stems from insufficient input sanitization...
WordPress Plugin Gutenberg Block Editor Toolkit 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-22153 · WordPress · Editorskit
Name of the Vulnerable Software and Affected Versions: Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress versions up to, and including, 1.40.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode due to insufficient input...
CVE-2023-6635
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
CVE-2023-6635
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
Input validation
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
CVE-2023-6635
The CVE-2023-6635 entry concerns the WordPress EditorsKit plugin. Affected component: the import_styles function. Root cause: missing file type validation allows an authenticated administrator to upload arbitrary files to the site server, potentially enabling remote code execution. Affected versi...
CVE-2023-6635 EditorsKit <= 1.40.3 - Authenticated (Administrator+) Arbitrary File Upload
The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload...
PT-2024-15036 · WordPress · Editorskit
Name of the Vulnerable Software and Affected Versions: The EditorsKit plugin for WordPress versions up to, and including, 1.40.3 Description: The issue arises from missing file type validation on the import styles function, allowing authenticated attackers with administrator-level capabilities or...
WordPress plguin EditorsKit Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload
Description The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'importstyles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, t...
WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin code injection vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin version 1.31.6 before the code injection vulnerability, the...
CVE-2021-24546
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
CVE-2021-24546
The CVE-2021-24546 vulnerability affects the WordPress Gutenberg Block Editor Toolkit EditorsKit plugin up to version 1.31.5 (fixed in 1.31.6). Root cause: the plugin does not sanitize/validate the Conditional Logic of the Custom Visibility settings, enabling a low-privilege contributor to execut...
CVE-2021-24546 EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution
The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...
WordPress 插件 代码注入漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Gutenberg Block Editor Toolkit-EditorsKit plugin version 1.31.6 before the code injection vulnerability, the...