Lucene search
K

110 matches found

OSV
OSV
added 2021/06/28 1:15 a.m.17 views

CVE-2021-20746

Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

5.4CVSS6.2AI score
Exploits0References4
Prion
Prion
added 2021/06/28 1:15 a.m.16 views

Cross site scripting

Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

3.5CVSS5AI score0.01442EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2021/06/28 12:50 a.m.83 views

CVE-2021-20746

CVE-2021-20746 describes a Cross-Site Scripting vulnerability in the WordPress Popular Posts plugin (versions 5.3.2 and earlier). The flaw allows an authenticated remote attacker to inject arbitrary scripts via unspecified vectors, with an impact limited to the attacker’s browser context. Exploit...

5.4CVSS5AI score0.01442EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2021/06/23 12:0 a.m.8 views

WordPress 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...

5.4CVSS5.3AI score0.01442EPSS
Exploits1References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/06/23 12:0 a.m.58 views

JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability CWE-79. Impact A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution Update the plugin Update the plugin according to the...

5.4CVSS5.3AI score0.01442EPSS
Exploits1
Patchstack
Patchstack
added 2021/06/11 12:0 a.m.49 views

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)

Authenticated Code Injection vulnerability leading to Remote Code Execution RCE discovered by NinTechNet in WordPress Popular Posts plugin versions = 5.3.2. Solution Update the WordPress Popular Posts plugin to the latest available version at least 5.3.3...

8.8CVSS4.8AI score0.79823EPSS
Exploits5References3Affected Software1
Patchstack
Patchstack
added 2021/06/07 12:0 a.m.11 views

WordPress Popular Posts plugin <= 5.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Yu Iwama of Secure Sky Technology Inc. and the JPCERT/CC Vulnerability Coordination Group in WordPress Popular Posts plugin versions = 5.3.2. Solution Update the WordPress Popular Posts plugin to the latest available versio...

1.3AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.24 views

WordPress Popular Posts < 5.3.3 - Authenticated Code Injection

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' they aren’t by default, a user with contributor role or above can bypass the file type verification, download...

2AI score
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2021/06/07 12:0 a.m.153 views

WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept:...

5.4CVSS0.6AI score0.01442EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/06/07 12:0 a.m.23 views

WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting back in the page, leading to a stored Cross-Site Scripting issue PoC POST /wp-admin/options-general.php?page=wordpress-popular-posts=tools HTTP/1.1 Accept:...

5.4CVSS0.7AI score0.01442EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder