14 matches found
WordPress SULly plugin < 4.3.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin SULly versions 4.3.1...
WordPress SULly plugin < 4.3.1 - Plugin Reset via CSRF vulnerability
Plugin Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions 4.3.1...
WordPress SULly plugin < 4.3.1 - Admin+ Stored XSS via CSRF vulnerability
Admin+ Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions 4.3.1...
WordPress SULly plugin < 4.3.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin SULly versions 4.3.1...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: SULly; Type: Plugin; Vulnerable versions: 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5032; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: ef2aee1bdf07; Credits: Bob Matyas; Required privilege...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Scripting (XSS)
Software: SULly; Type: Plugin; Vulnerable versions: 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5151; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 81625139b730; Credits: Guido Iván García Duva; Required...
WordPress SULly Plugin < 4.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: SULly; Type: Plugin; Vulnerable versions: 4.3.1; Fixed in: 4.3.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-5033; Patch priority: Low; CVSS severity: Low 7.1; Developer: Claim ownership; PSID: 1486b242ed58; Credits: Bob Matyas; Required privilege...
CVE-2024-5032
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5034
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5033
The CVE-2024-5033 entry concerns the SULly WordPress plugin prior to version 4.3.1, which lacks CSRF checks and proper sanitization/escaping, enabling a logged-in admin to inject Stored XSS payloads via a CSRF attack. Red Hat and Patchstack entries corroborate the vulnerability description and no...
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34135 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...