274 matches found
Themify Portfolio Post < 1.2.2 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. themifyportfolioposts imageh='100"...
Patch Now: The WordPress 6.0.3 Security Update Contains Important Fixes
The WordPress 6.0.3 Security Update contains patches for a large number of vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit. As with every WordPress core release containing security fixes, the Wordfenc...
CVE-2022-2241
The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, ...
WordPress plugin Featured Image from URL (FIFU) cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2022-15412 · WordPress · Featured Image From Url
Name of the Vulnerable Software and Affected Versions: Featured Image from URL FIFU WordPress plugin versions prior to 4.0.1 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress plugin Featured Image from URL (FIFU) cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin (versions <= 3.9.9). Solution: Update the WordPress Featured Image from URL plugin to the latest available version (at least 4.0.0)...
Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues. PoC: All...
CVE-2021-24932
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24932
The CVE-2021-24932 entry concerns the WordPress plugin Auto Featured Image (Auto Post Thumbnail) prior to version 3.9.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of the post_id parameter in an admin page output within a JS block...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Auto Featured Image Plugin is a WordPress open source application plugin. WordPress Auto Featured Image Plugin prio...
Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/upload.php?page=menu-media-aptid=alert/XSS/...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Auto Featured Image (Auto Post Thumbnail) plugin (versions <= 3.9.2). Solution: Update the WordPress Auto Featured Image (Auto Post Thumbnail) plugin to the latest available version (at least 3.9.3)...