17 matches found
WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sitewide Notice WP versions = 2.4.1...
CVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
EUVD-2025-201948
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67575
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67575
CVE-2025-67575 affects the WordPress plugin Sitewide Notice WP. The vulnerability is described as Missing Authorization, allowing unauthorized access to the plugin’s functionality. The initial details indicate the affected release range is Sitewide Notice WP: from n/a through <= 2.4.1, with a ...
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
WordPress plugin Sitewide Notice WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Sitewide Notice A...
PT-2025-49949
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2021-24592
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24592
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24592 Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24592
CVE-2021-24592 affects the WordPress Sitewide Notice WP plugin prior to version 2.3. The issue arises because the plugin does not sufficiently sanitize certain settings before rendering them on frontend pages, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_html i...
WordPress 插件跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. WordPress plugin Sitewide Notice before version 2.3 has a cross-site scripting vulnerability, the vulnerability stems from the plugin in its content output to the front-end page before the plugin does not validate and escape som...
Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Message setting of the plugin: The XSS will ...
WordPress Sitewide Notice WP <= 2.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Sitewide Notice WP versions = 2.2. Solution Update the WordPress Sitewide Notice WP to the latest available version at least 2.3...