13 matches found
EUVD-2022-42768
Malicious code in bioql PyPI...
CVE-2022-3391
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Retain Live Chat Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...
CVE-2022-3391
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3391 Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3391
CVE-2022-3391 affects the Retain Live Chat WordPress plugin up to version 0.1. The issue is a failure to sanitize and escape certain settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite setups). Ro...
WordPress plugin Retain Live Chat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin used to import/export WordPress data. wordpress plugin is an...
CVE-2022-3391 Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting
The Retain Live Chat WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-21902 · WordPress · Retain Live Chat
Name of the Vulnerable Software and Affected Versions: Retain Live Chat WordPress plugin version 0.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
WordPress Retain Live Chat plugin <= 0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Rahul Selvakumar in WordPress Retain Live Chat plugin versions = 0.1. Solution Deactivate and delete. This plugin has been closed as of October 3, 2022 and is not available for download. This closure is temporary, pending a...
Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the Rtain App ID...
Retain Live Chat <= 0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the Rtain App ID...