60 matches found
WordPress InPost Gallery Plugin <= 2.1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software InPost Gallery Type Plugin Vulnerable versions = 2.1.4.1 Fixed in 2.1.4.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-28666 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID a2e097871dba Credits Joshua Martinelle...
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...
PT-2023-21887 · WordPress · Inpost Gallery
Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin versions prior to 2.2.2 Description: The issue is a reflected cross-site scripting vulnerability. It affects the imgurl parameter to the add inpost gallery slide item action and can only be triggered by an...
CVE-2023-28666
The InPost Gallery WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the addinpostgalleryslideitem action, which can only be triggered by an authenticated user...
InPost Gallery <= 2.1.4.1 - Reflected XSS
The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open...
WordPress plugin InPost Gallery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
InPost Gallery <= 2.1.4.1 - Reflected XSS
The plugin does not sanitise and escape the imgurl parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open...
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
Design/Logic Flaw
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063 InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers...
CVE-2022-4063
The CVE-2022-4063 issue affects WordPress InPost Gallery plugin versions before 2.1.4.1. The root cause is insecure use of PHP’s extract() when rendering HTML views, which can force inclusion of arbitrary files/URLs and may enable code execution on the server via Local File Inclusion (LFI) or rem...
PT-2022-25427 · WordPress · Inpost Gallery
Name of the Vulnerable Software and Affected Versions: InPost Gallery WordPress plugin version 2.1.4 and earlier Description: The issue arises from the insecure use of PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files and URLs. This cou...
WordPress plugin InPost Gallery 路径遍历漏洞
WordPress and others are products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language.WordPress plugin is an application plugin.PHP and others are products of.PHP is a scripting language that executes on the server side. A path traversal...
InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. PoC Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath"...
InPost Gallery < 2.1.4.1 - Unauthenticated LFI to RCE
The plugin insecurely uses PHP's extract function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. Invoke the following shell commands to disclose the /etc/passwd file: Define the payload "pagepath" value...
WordPress InPost Gallery plugin <= 2.1.2 - Authenticated Persistent Cross-Site (XSS) Vulnerability
WordPress InPost Gallery plugin version = 2.1.2 is vulnerable to Cross-Site XSS vulnerability. The values on the admin settings page are not escaped. Solution Update the plugin...
WordPress InPost Gallery Plugin <= 2.1.2 - Local File Inclusion (LFI) Vulnerability
WordPress InPost Gallery plugin is prone to a local file inclusion vulnerability. The value of “popupshortcodekey”, in to the function renderhtml is not validated and later it is included. Solution Update the plugin...
InPost Gallery <= 2.1.2 - LFI & Authenticated Stored XSS
The InPost Gallery WordPress plugin was affected by a LFI & Authenticated Stored XSS security vulnerability...