CVE-2025-12416

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

WordPress Pagerank Tools plugin <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Pagerank Tools versions = 1.1.5...

CVE-2025-12416 Pagerank Tools <= 1.1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Pagerank Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Cross-Site Request Forgery in all versions up to, and including, 1.1.5. This is due to missing nonce validation on the prsavesettings function and insufficient input sanitization. This makes it possible for...

CVE-2025-12416

Summary: The WordPress Pagerank Tools plugin (versions ≤ 1.1.5) contains a vulnerability where a stored Cross‑Site Scripting attack can be triggered via Cross‑Site Request Forgery. The root cause is missing nonce validation on the pr_save_settings() function and insufficient input sanitization, e...

WordPress plugin Pagerank Tools 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

CVE-2024-5730

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

WordPress Pagerank Tools plugin <= 1.1.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pagerank Tools versions = 1.1.5...

WordPress Pagerank Tools Plugin <= 1.1.5 is vulnerable to Cross Site Scripting (XSS)

Software Pagerank Tools Type Plugin Vulnerable versions = 1.1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5730 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID ed7753fdc52a Credits Bob Matyas Required...

CVE-2024-5730

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5730 Pagerank Tools <= 1.1.5 - Reflected XSS

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-5730 Pagerank Tools <= 1.1.5 - Reflected XSS

The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

PT-2024-37106 · WordPress · Pagerank Tools

Name of the Vulnerable Software and Affected Versions: Pagerank tools WordPress plugin versions 1.1.5 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...

WordPress plugin Pagerank tools security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Pagerank Tools <= 1.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin https://example.com/wp-admin/tools.php?page=pagepageranks&url="alert333...

Pagerank Tools <= 1.1.5 - Reflected XSS

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC https://example.com/wp-admin/tools.php?page=pagepageranks="...