9 matches found
CVE-2025-31556 WordPress IMPress for IDX Broker plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.3...
WordPress plugin IMPress for IDX Broker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress IMPress for IDX Broker plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael Patchstack Alliance in WordPress Plugin IMPress for IDX Broker versions = 3.2.2...
WordPress IMPress for IDX Broker Authorization Issues Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.IMPress for IDX Broker is one of the plugins used to support access to MLS data. WordPress IMPress for IDX Broker Authorization Issues...
Cross site scripting
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...
Code injection
An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...
CVE-2020-9514
The CVE-2020-9514 entry affects the WordPress plugin IMPress for IDX Broker (before 2.6.2). The issue resides in wrappers.php, allowing an authenticated subscriber to perform unrestricted content changes: permanently delete arbitrary posts/pages, create new posts with arbitrary titles, and modify...
CVE-2020-11512
The CVE concerns the WordPress plugin IMPress for IDX Broker (formerly IDX Broker plugin) for WordPress, affected versions before 2.6.2. The root cause is an authenticated stored XSS in the plugin via the idx_update_recaptcha_key AJAX action, where a crafted idx_recaptcha_site_key parameter can i...
CVE-2020-11512
Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal subscriber-level permissions to save arbitrary JavaScript in the plugin's settings panel via the idxupdaterecaptchakey AJAX action and a crafted idxrecaptchasitekey parameter, which...