14 matches found
EUVD-2022-34597
Malicious code in bioql PyPI...
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328
Summary of CVE-2022-2328 : The Flexi Quote Rotator WordPress plugin (versions ≤ 0.9.4) does not sanitise or escape its settings, enabling stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Multiple sources confirm the vulnerability as an a...
CVE-2022-2328 Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
PT-2022-15919 · WordPress · Flexi Quote Rotator
Name of the Vulnerable Software and Affected Versions: Flexi Quote Rotator WordPress plugin versions 0.9.4 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
WordPress plugin Flexi Quote Rotator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Flexi Quote Rotator plugin <= 0.9.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Daniel Ruf in WordPress Flexi Quote Rotator plugin versions = 0.9.4. Solution Deactivate and delete. This plugin has been closed as of July 6, 2022 and is not available for download. This closure is temporary, pending a ful...
Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add the following payload to a new quote:...
Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Add the following payload to a new quote:...
WordPress Flexi Quote Rotator Plugin - Multiple Vulnerabilities
This plugin is prone to a cross site request forgery and SQL injection vulnerabilities. Solution Upgrade the plugin...
WordPress Flexi Quote Rotator Plugin - Multiple Vulnerabilities
This plugin is prone to a cross site request forgery and SQL injection vulnerabilities. Solution Upgrade the plugin...
Flexi Quote Rotator - Cross-Site Request Forgery & SQL Injection Vulnerabilities
The Flexi Quote Rotator WordPress plugin was affected by a Cross-Site Request Forgery & SQL Injection Vulnerabilities security vulnerability...