9 matches found
CVE-2021-24645
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress Booking.com Product Helper Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....
CVE-2021-24645
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24645 Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting
The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24645
CVE-2021-24645 concerns the Booking.com Product Helper WordPress plugin prior to 1.0.2. The vulnerability is a Stored Cross-Site Scripting (XSS) in the Product Shortcode creation flow, caused by failure to sanitize and escape the Product Code. An attacker with admin+ privileges could inject XSS i...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Booking.com Product Helper plugin in version 1.0....
Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC When creating a "New product shortcode" you can inject XSS payloads like i...
WordPress Booking.com Product Helper plugin <= 1.0.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Booking.com Product Helper plugin versions = 1.0.1. Solution Update the WordPress Booking.com Product Helper plugin to the latest available version at least 1.0.2...