9 matches found
CVE-2021-24346
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
CVE-2021-24520
The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor or higher can exploit this vulnerability...
CVE-2021-24520
CVE-2021-24520 affects the WordPress plugin Stock in & out (
WordPress SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Stock in & out 1.0.4 and earlier...
CVE-2021-24346
The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue...
Stock in & out WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in Stock in & out WordPress that stems from not...
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...
Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)
The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. PoC: POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...
WordPress Stock in & out plugin <= 1.0.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Shreya Pohekar (Codevigilant Project) in WordPress Stock in & out plugin versions <= 1.0.4. Solution: This plugin has been closed as of April 29, 2021 and is not available for download. This closure is temporary, pending a full review...