49 matches found

wpexploit
added 2022/09/20 12:0 a.m., 99 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

The plugin does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin. With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payload in...

CVSS 7.2 | AI score 7.3 | EPSS 0.00992
Exploits: 2

WPVulnDB
added 2022/09/20 12:0 a.m., 27 views

Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi

The plugin does not properly sanitise and escape imported data before using them back in SQL statements, leading to SQL injection exploitable by high-privilege users such as admin. PoC: With the additional https://wordpress.org/plugins/polylang/ plugin installed, import a CSV with the following payloa...

CVSS 7.2 | AI score 0.7 | EPSS 0.00992
Exploits: 2 | Affected Software: 1

WPVulnDB
added 2019/01/16 12:0 a.m., 16 views

Polylang <= 2.5 - CSRF in categories and media duplication

The Polylang WordPress plugin was affected by a CSRF in categories and media duplication security vulnerability...

AI score 3.3
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:59 a.m., 33 views

Polylang 1.5.1 - User Description Handling Stored XSS

The Polylang WordPress plugin was affected by a User Description Handling Stored XSS security vulnerability...

CVSS 4.3 | AI score 0.5 | EPSS 0.01578
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2014/07/10 4:55 p.m., 17 views

CVE-2014-4855

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information...

CVSS 4.3 | AI score 5.7 | EPSS 0.01578
Exploits: 0 | References: 2

Prion
added 2014/07/10 4:55 p.m., 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information...

CVSS 4.3 | AI score 6.2 | EPSS 0.01578
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2014/07/10 4:0 p.m., 27 views

CVE-2014-4855

Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information...

AI score 5.7 | EPSS 0.01578
Exploits: 0 | References: 2

CVE
added 2014/07/10 4:0 p.m., 40 views

CVE-2014-4855

Polylang WordPress plugin (before 1.5.2) is affected by a stored XSS via the user description field. The vulnerability allows remote injection of script/HTML; affected component is the Polylang plugin for WordPress, prior to version 1.5.2. Remediation observed in sources is to update to 1.5.2 or ...

CVSS 4.3 | AI score 5.9 | EPSS 0.01578
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2014/07/10 12:0 a.m., 36 views

WordPress Polylang Plugin <= 1.5.1 - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via vectors related to a user description. Solution: Update the plugin...

CVSS 4.3 | AI score 2.6 | EPSS 0.01578
Exploits: 0 | References: 1 | Affected Software: 1