141 matches found
Cross site scripting
The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
CVE-2022-4562
CVE-2022-4562 affects the Meks Flexible Shortcodes WordPress plugin prior to 1.3.5. The root cause is failure to validate and escape certain shortcode attributes in output, enabling Stored XSS when exploited by users with as low as Contributor; admins and high-privilege users are at risk. Multipl...
CVE-2022-4562 Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
WordPress plugin Meks Flexible Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit:...
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit:...
WordPress Meks Flexible Shortcodes Plugin < 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software Meks Flexible Shortcodes Type Plugin Vulnerable versions 1.3.5 Fixed in 1.3.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4562 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8b8d54e4673c Credits Lana Codes...
CVE-2022-2574
The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Plugin Meks Easy Social Share 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2022-17484 · WordPress · Meks Easy Social Share
Name of the Vulnerable Software and Affected Versions: Meks Easy Social Share WordPress plugin versions prior to 1.2.8 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
CVE-2022-2574 Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2574 Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
The Meks Easy Social Share WordPress plugin before 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2574
Summary: CVE-2022-2574 affects the WordPress plugin Meks Easy Social Share (versions before 1.2.8). The root cause is inadequate sanitisation/escaping of plugin settings, enabling stored XSS by high-privilege users (e.g., admins), potentially in multisite environments where unfiltered_html is dis...
WordPress Meks Easy Social Share plugin <= 1.2.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Meks Easy Social Share plugin versions = 1.2.7. Solution Update the WordPress Meks Easy Social Share plugin to the latest available version at least 1.2.8...
Meks Easy Social Share < 1.2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Intercept the request made when saving the setting...
WordPress Meks Easy Photo Feed Widget Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Meks Easy Photo Feed Widget has a cross-site scripting vulnerability that can be exploited by any...
CVE-2021-24958 Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could...
CVE-2021-24958
CVE-2021-24958 affects the Meks Easy Photo Feed Widget WordPress plugin prior to version 1.2.4. Root cause: the meks_save_business_selected_account AJAX action lacks capability and CSRF checks and does not escape some settings, making it accessible to any authenticated user. Impact: any authentic...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Meks Easy Photo Feed Widget has a cross-site scripting vulnerability that can be exploited by any...
Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS
The plugin does not have capability and CSRF checks in the mekssavebusinessselectedaccount AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin's settings and put Cross-Site...