4 matches found
WordPress plugin code injection vulnerability (CNVD-2021-52420)
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A code injection vulnerability exists in WordPress Plugin...
CVE-2021-24434
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a...
PT-2021-15962 · WordPress · Glass
Name of the Vulnerable Software and Affected Versions: Glass WordPress plugin versions 1.3.2 and earlier. Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Glass Pages setting is not properly sanitised or escaped before being output in a page...
Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. Add the following...