5 matches found
CVE-2021-24434
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a...
CVE-2021-24434 Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)
The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a...
WordPress Plugins Glass Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is an open source WordPress application plugin. A code injection vulnerability exists in WordPress Plugin...
Glass <= 1.3.2 - CSRF to Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or escape its "Glass Pages" setting before outputting it in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did not have a CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. PoC: Add the...
WordPress Glass plugin <= 1.3.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by ABISHEIK M in WordPress Glass plugin versions <= 1.3.2. Solution: This plugin has been closed as of May 26, 2021 and is not available for download. This closure is temporary, pending a full review...