105 matches found
WordPress Plugin YARPP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
CVE-2023-1404
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...
CVE-2023-1404
The CVE-2023-1404 entry concerns the Weaver Show Posts plugin for WordPress (versions ≤ 1.6). It enables stored XSS by insufficient escaping of the profile display name, exploitable by authenticated users with contributor-level permissions and above. Wordfence documentation confirms two related W...
CVE-2023-1404 Weaver Show Posts <= 1.6 - Authenticated(Contributor+) Stored Cross-Site Scripting via Display Name
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...
CVE-2023-27423
Cross-Site Request Forgery CSRF vulnerability in Ramon Fincken Auto Prune Posts plugin = 1.8.0 versions...
CVE-2022-41612
CVE-2022-41612 affects the WordPress plugin Similar Posts (versions
WordPress plugin Similar Posts 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin YARPP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Similar Posts Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Similar Posts Type Plugin Vulnerable versions = 3.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-41612 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 93ccc5382b3f Credits din Required privilege...
PT-2023-16011 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: The Post Grid, Post Carousel, & List Category Posts WordPress plugin versions prior to 2.4.19 Description: The issue concerns a lack of validation and escaping of certain block options in the plugin, which could allow users with the contribut...
WordPress plugin Popular Posts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-1847
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1847
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Cross site request forgery (csrf)
The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Rotating Posts 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Rotating Posts plugin version 1.11 and earlier versions are vulnerable to cross-site request forger...
CVE-2022-0958
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress plugin Mark Posts 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Mark Posts plugin has a cross-site scripting...
Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'Add new markers' settings of the plugin: "autofocus onfocus=alert/XSS/ b=...
WordPress Mark Posts plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Mark Posts plugin versions = 2.0.0. Solution Update the WordPress Mark Posts plugin to the latest available version at least 2.0.1...