Cross site scripting
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-0201
The CVE pertains to WordPress Permalink Manager Lite and Pro plugins prior to version 2.2.15, with a Reflected Cross-Site Scripting (XSS) vulnerability caused by not sanitising/escaping query parameters before echoing them on the debug page. Affected components: Permalink Manager Lite/Pro plugins...
CVE-2022-0201 Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. A cross-site scripting vulnerability exists in WordPress Permalink Manager Lite and Permalink Manager Pro plugins prior to version 2.2.15, which stems from the plugin's failure to clean up and...
WordPress Permalink Manager Pro premium plugin <= 2.2.14 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Permalink Manager Pro premium plugin versions <= 2.2.14. Solution: update the WordPress Permalink Manager Pro premium plugin to the latest available version (at least 2.2.15)...
Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue https://example.com/index.php?p=%3Cimg%20src%20onerror=alert/XSS/%3E&debugurl=1...
Permalink Manager < 2.2.15 - Reflected Cross-Site Scripting
The plugins do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/index.php?p=%3Cimg%20src%20onerror=alert/XSS/%3Eurl=1...
WordPress Permalink Manager Lite plugin <= 2.2.14 - Unauthorized Reflected Cross-Site Scripting (XSS) vulnerability
Unauthorized Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Permalink Manager Lite plugin versions <= 2.2.14. Solution: update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.15)...
CVE-2021-24769
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
CVE-2021-24769
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
Sql injection
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
CVE-2021-24769
The CVE-2021-24769 affects the WordPress plugin Permalink Manager Lite (before 2.2.13.1). The vulnerability arises from not validating/escaping the orderby parameter before embedding it in a SQL statement on the Permalink Manager page, enabling SQL injection. Public sources (PatchStack, CVE recor...
CVE-2021-24769 Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...
WordPress Permalink Manager Lite plugin <= 2.2.12 - SQL Injection (SQLi) vulnerability
SQL Injection (SQLi) vulnerability discovered by bl4derunner in WordPress Permalink Manager Lite plugin versions <= 2.2.12. Solution: update the WordPress Permalink Manager Lite plugin to the latest available version (at least 2.2.13.1)...
Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection https://example.com/wp-admin/tools.php?page=permalink-manager&orderby=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...
Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection
The plugin does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection PoC https://example.com/wp-admin/tools.php?page=permalink-manager=ID+AND+SELECT+9480+FROM+SELECTSLEEP5EXid...