Lucene search
+L

42 matches found

attackerkb
attackerkb
added 2022/09/06 6:15 p.m.2 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS6.3AI score0.00787EPSS
Exploits1References5
prion
prion
added 2022/09/06 6:15 p.m.12 views

Cross site scripting

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

4.9CVSS5.1AI score0.00787EPSS
Exploits1References4Affected Software1
cve
cve
added 2022/09/06 5:18 p.m.76 views

CVE-2022-2515

The CVE-2022-2515 issue affects the WordPress Simple Banner plugin (versions up to and including 2.11.0). It is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the pro_version_activation_code setting. Authenticated attackers (including tho...

6.4CVSS5AI score0.00787EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2022/09/06 5:18 p.m.5 views

CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS6.3AI score0.00787EPSS
Exploits1References4
cvelist
cvelist
added 2022/09/06 5:18 p.m.32 views

CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS5.9AI score0.00787EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2022/09/06 12:0 a.m.3 views

PT-2022-17101 · WordPress · Simple Banner

Name of the Vulnerable Software and Affected Versions: Simple Banner plugin for WordPress versions up to and including 2.11.0 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers to inject arbitrary web scripts via the pro versio...

6.4CVSS5.3AI score0.00787EPSS
Exploits1References6
cnnvd
cnnvd
added 2022/09/06 12:0 a.m.3 views

WordPress plugin Simple Banner 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS5.7AI score0.00787EPSS
Exploits1References5
attackerkb
attackerkb
added 2022/08/22 3:15 p.m.7 views

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00444EPSS
Exploits1References2
nvd
nvd
added 2022/08/22 3:15 p.m.24 views

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00444EPSS
Exploits1References1
osv
osv
added 2022/08/22 3:15 p.m.4 views

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00444EPSS
Exploits1References1
cvelist
cvelist
added 2022/08/22 2:57 p.m.28 views

CVE-2022-0446 Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00444EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2022/08/22 12:0 a.m.5 views

PT-2022-13190 · WordPress · Simple Banner

Name of the Vulnerable Software and Affected Versions: Simple Banner WordPress plugin versions prior to 2.12.0 Description: The issue allows high privilege users to perform Cross-Site Scripting attacks due to improper sanitization of the Simple Banner Text settings, even when the unfiltered html...

4.8CVSS4.7AI score0.00444EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/08/22 12:0 a.m.5 views

WordPress plugin Simple Banner 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00444EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.112 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS0.1AI score0.00444EPSS
Exploits1
wpvulndb
wpvulndb
added 2022/07/26 12:0 a.m.22 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS1.4AI score0.00444EPSS
Exploits1Affected Software1
patchstack
patchstack
added 2022/07/25 12:0 a.m.22 views

WordPress Simple Banner plugin <= 2.11.0 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Muhammad Zeeshan Xib3rR4dAr in WordPress Simple Banner plugin versions = 2.11.0. Solution Update the WordPress Simple Banner plugin to the latest available version at least 2.12.0...

6.4CVSS1.8AI score0.00787EPSS
Exploits1References1Affected Software1
osv
osv
added 2021/08/23 12:15 p.m.6 views

CVE-2021-24574

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00676EPSS
Exploits2References2
nvd
nvd
added 2021/08/23 12:15 p.m.19 views

CVE-2021-24574

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00676EPSS
Exploits2References2
cnnvd
cnnvd
added 2021/08/23 12:0 a.m.6 views

WordPress plugin Simple Banner 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

4.8CVSS5.1AI score0.00676EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/07/26 12:0 a.m.748 views

Simple Banner < 2.10.4 - Authenticated Stored XSS

The plugin does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed. Put the following payload in the Simple Banner Text setting of the plugin: The XSS will be triggered ...

3.5CVSS0.1AI score0.00676EPSS
Exploits2References1
Rows per page
Query Builder