110 matches found
CVE-2022-0206
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
Cross site scripting
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2022-0206 NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2022-0206
The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress NewStatPress plugin prior to 1.3.6. The vulnerabili...
NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=nspsearch&what1=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...
WordPress NewStatPress plugin <= 1.3.5 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress NewStatPress plugin versions = 1.3.5. Solution Update the WordPress NewStatPress plugin to the latest available version at least 1.3.6...
NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
The plugin does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC https://example.com/wp-admin/admin.php?page=nspsearch&what1;=%27+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28/XSS/%29+x...
WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30374)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...
WordPress NewStatPress Plugin < 1.0.5 Multiple Vulnerabilities
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress NewStatPress Plugin < 1.0.4 XSS Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress NewStatPress Plugin < 1.0.6 XSS Vulnerability
The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2017-18575
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...
CVE-2017-18575
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...
Cross site scripting
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...
CVE-2017-18575
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...
CVE-2017-18575
CVE-2017-18575 affects the WordPress plugin NewStatPress prior to version 1.2.5. The issue is multiple stored XSS flaws in the plugin, where unsanitized user-supplied data can be stored and later reflected in pages, enabling injection of client-side scripts. Public exploitation details are not pr...
WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30372)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...
WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30376)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...
WordPress newstatpress plugin SQL injection vulnerability (CNVD-2019-30377)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A SQL injection vulnerability exists in the WordPress...