CVE-2023-0937

The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress VK All in One Expansion Unit plugin <= 9.99.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin VK All in One Expansion Unit versions = 9.99.1.0...

PT-2024-19018 · WordPress · Vk All In One Expansion Unit

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit plugin for WordPress versions up to, and including, 9.96.0.1 Description: The issue is related to Stored Cross-Site Scripting via the child page index widget due to insufficient input sanitization and output...

WordPress VK All in One Expansion Unit Plugin < 9.86.0.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vektor-inc:vkallinoneexpansionunit"; if description...

WordPress Plugin VK All in One Expansion Unit 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...