78 matches found
CVE-2023-49195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6...
CVE-2023-49195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6...
CVE-2023-49195
CVE-2023-49195 affects WordPress Nested Pages plugin
CVE-2023-49195 WordPress Nested Pages Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kyle Phillips Nested Pages allows Stored XSS.This issue affects Nested Pages: from n/a through 3.2.6...
WordPress plugin and WordPress cross-site scripting vulnerabilities
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Nested Pages Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Software Nested Pages Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-49195 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 12ebb2b0a5fd Credits emad Required privilege Administrator...
CVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
CVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
Design/Logic Flaw
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
CVE-2023-2434 Nested Pages <= 3.2.3 - Missing Authorization to Authenticated (Editor+) Plugin Settings Reset
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
WordPress Nested Pages Plugin <= 3.2.3 is vulnerable to Broken Access Control
Software Nested Pages Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2434 Patch priority Low CVSS severity Low 3.8 Developer Claim ownership PSID 26e414b00090 Credits Lana Codes Required privilege...
WordPress Plugin Nested Pages 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-19526 · WordPress · Nested Pages
Name of the Vulnerable Software and Affected Versions: Nested Pages plugin for WordPress versions up to, and including, 3.2.3 Description: The issue is related to a missing capability check on the reset function, which allows authenticated attackers with editor-level permissions and above to rese...
WordPress Nested Pages plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Nested Pages plugin version prior to 3.1.21 has a cross-site scripting vulnerability that...
CVE-2022-1990
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
CVE-2022-1990
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
CVE-2022-1990
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
Cross site scripting
The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize the some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
CVE-2022-1990
CVE-2022-1990 affects the WordPress Nested Pages plugin prior to version 3.1.21. The vulnerability arises because the plugin does not escape and sanitize certain settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed. Public sources across Red Hat, NVD, CNVD, OSV, and P...