24 matches found
CVE-2022-2186
The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2186
The CVE-2022-2186 entry concerns the WordPress Simple Post Notes plugin prior to 1.7.6. The issue is a stored cross-site scripting (XSS) vulnerability caused by failure to sanitize and escape plugin settings, enabling high-privilege users (e.g., admins) to perform XSS even when unfiltered_html is...
WordPress plugin Simple Post Notes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Simple Post Notes plugin <= 1.7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Sachin Kumar eSec Forte Technologies Pvt Ltd in WordPress Simple Post Notes plugin versions = 1.7.5. Solution Update the WordPress Simple Post Notes plugin to the latest available version at least 1.7.6...