19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-11597

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00137
Exploits: 2 | References: 2

RedhatCVE
added 2025/05/22 7:23 p.m. | 2 views

CVE-2021-24789

The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attributes in the frontend, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 4.8 | AI score 6 | EPSS 0.00206
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 7:23 p.m. | 5 views

CVE-2021-24685

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, nor does it sanitise and escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

CVSS 5.4 | AI score 6.2 | EPSS 0.00137
Exploits: 2 | References: 1

CNVD
added 2021/11/04 12:00 a.m. | 16 views

WordPress Flat Preloader plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Flat Preloader Plugin in versions prior to 1.5.5 has a cross-site scripting vulnerability that stems from...

CVSS 4.8 | AI score 2.1 | EPSS 0.00206
Exploits: 2 | References: 1

OSV
added 2021/11/01 9:15 a.m. | 1 view

CVE-2021-24789

The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attributes in the frontend, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

CVSS 4.8 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2021/11/01 9:15 a.m. | 1 view

CVE-2021-24685

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, nor does it sanitise and escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

CVSS 5.4 | AI score 6.1 | EPSS 0.00137
Exploits: 2 | References: 1

Cvelist
added 2021/11/01 8:46 a.m. | 12 views

CVE-2021-24789 Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attributes in the frontend, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

AI score 5.1 | EPSS 0.00206
Exploits: 2 | References: 1

CVE
added 2021/11/01 8:46 a.m. | 42 views

CVE-2021-24789

The CVE refers to WordPress Flat Preloader plugin pre-1.5.5. Connected sources confirm a cross-site scripting (XSS) vulnerability where certain settings are not escaped when output in HTML attributes, enabling an attacker with admin-level access to trigger client-side JS even when unfiltered_html...

CVSS 4.8 | AI score 4.8 | EPSS 0.00206
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2021/11/01 8:46 a.m. | 14 views

CVE-2021-24685 Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, nor does it sanitise and escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

AI score 5.5 | EPSS 0.00137
Exploits: 2 | References: 1

CVE
added 2021/11/01 8:46 a.m. | 44 views

CVE-2021-24685

CVE-2021-24685 affects the Flat Preloader WordPress plugin prior to version 1.5.4. Root cause: the plugin does not enforce nonce checks when saving settings and fails to sanitise/escape inputs, enabling a logged-in admin to modify settings that can trigger stored Cross-Site Scripting (XSS) pa...

CVSS 5.4 | AI score 5.3 | EPSS 0.00137
Exploits: 2 | References: 1 | Affected Software: 1

CNNVD
added 2021/11/01 12:00 a.m. | 3 views

WordPress plugin The Flat Preloader cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4 | AI score 5.4 | EPSS 0.00137
Exploits: 2 | References: 1

Positive Technologies
added 2021/11/01 12:00 a.m. | 3 views

PT-2021-16195 · WordPress · Flat Preloader

Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.4. Description: The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change...

CVSS 5.4 | AI score 5.3 | EPSS 0.00137
Exploits: 2 | References: 6

CNNVD
added 2021/11/01 12:00 a.m. | 2 views

WordPress cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Flat Preloader Plugin in versions prior to 1.5.5 has a cross-site scripting vulnerability that stems from...

CVSS 4.8 | AI score 5.7 | EPSS 0.00206
Exploits: 2 | References: 1

wpexploit
added 2021/09/28 12:00 a.m. | 681 views

Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting

The plugin does not enforce nonce checks when saving its settings, nor does it sanitise and escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend depending on the payload. The CSRF was...

CVSS 5.4 | AI score 5.3 | EPSS 0.00137
Exploits: 2

wpexploit
added 2021/09/28 12:00 a.m. | 532 views

Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them in attributes in the frontend, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Put the following payload in the "Alt text" setting of the plugin, then view...

CVSS 4.8 | AI score 0.6 | EPSS 0.00206
Exploits: 2

WPVulnDB
added 2021/09/28 12:00 a.m. | 15 views

Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting

The plugin does not escape some of its settings when outputting them in attributes in the frontend, which could allow high-privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: Put the following payload in the "Alt text" setting of the plugin, then...

CVSS 4.8 | AI score 2.7 | EPSS 0.00206
Exploits: 2 | Affected Software: 1

WPVulnDB
added 2021/09/28 12:00 a.m. | 16 views

Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting

The plugin does not enforce nonce checks when saving its settings, nor does it sanitise and escape them, which could allow attackers to make a logged-in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend depending on the payload. The CSRF was...

CVSS 5.4 | AI score 1 | EPSS 0.00137
Exploits: 2 | Affected Software: 1

Patchstack
added 2021/09/28 12:00 a.m. | 11 views

WordPress Flat Preloader plugin <= 1.5.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by apple502j in WordPress Flat Preloader plugin versions <= 1.5.4. Solution: Update the WordPress Flat Preloader plugin to the latest available version...

CVSS 4.8 | AI score 2 | EPSS 0.00206
Exploits: 2 | References: 3 | Affected Software: 1

Patchstack
added 2021/09/28 12:00 a.m. | 7 views

WordPress Flat Preloader plugin <= 1.5.3 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by apple502j in WordPress Flat Preloader plugin versions <= 1.5.3. Solution: Update the WordPress Flat Preloader plugin to the latest available version (at least 1.5.4)...

AI score 2.2 | EPSS 0.00137
Exploits: 2 | References: 3 | Affected Software: 1