49 matches found
Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
The plugin does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin. With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in...
Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi
The plugin does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high privilege users such as admin. PoC: With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payloa...
Polylang <= 2.5 - CSRF in categories and media duplication
The Polylang WordPress plugin was affected by a CSRF in categories and media duplication security vulnerability...
Polylang 1.5.1 - User Description Handling Stored XSS
The Polylang WordPress plugin was affected by a User Description Handling Stored XSS security vulnerability...
CVE-2014-4855
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information...
CVE-2014-4855
Polylang WordPress plugin (before 1.5.2) is affected by a stored XSS via the user description field. The vulnerability allows remote injection of script/HTML; affected component is the Polylang plugin for WordPress, prior to version 1.5.2. Remediation observed in sources is to update to 1.5.2 or ...
WordPress Polylang Plugin <= 1.5.1 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via vectors related to a user description. Solution: Update the plugin...