110 matches found
CVE-2021-20746
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20746
CVE-2021-20746 describes a Cross-Site Scripting vulnerability in the WordPress Popular Posts plugin (versions 5.3.2 and earlier). The flaw allows an authenticated remote attacker to inject arbitrary scripts via unspecified vectors, with an impact limited to the attacker’s browser context. Exploit...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...
JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability (CWE-79). Impact: A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution: Update the plugin. Update the plugin according to the...
WordPress Popular Posts plugin <= 5.3.2 - Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE)
Authenticated Code Injection vulnerability leading to Remote Code Execution (RCE) discovered by NinTechNet in WordPress Popular Posts plugin versions <= 5.3.2. Solution: Update the WordPress Popular Posts plugin to the latest available version (at least 5.3.3)...
WordPress Popular Posts plugin <= 5.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Yu Iwama of Secure Sky Technology Inc. and the JPCERT/CC Vulnerability Coordination Group in WordPress Popular Posts plugin versions <= 5.3.2. Solution: Update the WordPress Popular Posts plugin to the latest available versio...
WordPress Popular Posts < 5.3.3 - Authenticated Code Injection
Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' (they aren’t by default), a user with contributor role or above can bypass the file type verification, download...
WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting it back in the page, leading to a stored Cross-Site Scripting issue. POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept:...
WordPress Popular Posts < 5.3.3 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not properly sanitise or escape its Default Thumbnail setting before outputting it back in the page, leading to a stored Cross-Site Scripting issue. PoC: POST /wp-admin/options-general.php?page=wordpress-popular-posts&tab=tools HTTP/1.1 Accept:...