9 matches found
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-22564 WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through = 1.5.4...
CVE-2025-22564 WordPress Pretty Url Plugin <= 1.5.4 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faaiq Pretty Url pretty-url allows Reflected XSS.This issue affects Pretty Url: from n/a through = 1.5.4...
CVE-2023-2009
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2009 Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin URL field in the Pretty Url 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Pretty Url Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)
Software Pretty Url Type Plugin Vulnerable versions = 1.5.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2009 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 54d21d922e3b Credits Shezad Master Required privileg...
Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings
Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. In the "Enter the URL: field, add the XSS...