8 matches found
CVE-2016-10976
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...
CVE-2016-10976
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...
CVE-2016-10976
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...
Authentication flaw
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...
CVE-2016-10976
The safe-editor plugin before 1.2 for WordPress has no sesave authentication, with resultant XSS...
CVE-2016-10976
The CVE concerns the WordPress Safe Editor plugin prior to version 1.2, where the se_save endpoint lacks authentication, enabling CSS/JS injection and resulting XSS. Affected component: safe-editor plugin for WordPress; root cause: missing authentication on se_save in admin-ajax flow; impact: una...
WordPress Safe Editor Plugin <= 1.1 - Multiple Vulnerabilities
This plugin is prone to an unauthenticated CSS and JS injection. The attackers can inject whatever they want when "wpfooter" and "wphead" are called, because the "sesave" function is not sanitized. Solution: Update the plugin...
safe-editor <= 1.1 - Unauthenticated CSS/JS-injection
When saving JS/CSS in this plugin, both private and public ajax-hooks are being used. Because of this, anyone can post JS/CSS that is saved to the db and printed to the head and footer portion of the page. PoC: In the file "index.php" in root folder on line 188 and 189 you can see that both...