33 matches found
CVE-2023-44473 WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions...
WordPress Plugin Table of Contents Plus Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-29252 · WordPress · Table Of Contents Plus
Name of the Vulnerable Software and Affected Versions: Michael Tran Table of Contents Plus plugin versions <= 2302. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
WordPress Table of Contents Plus Plugin <= 2302 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: <= 2302; Fixed in: 2309; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-44473; Patch priority: Low; CVSS severity: Low (5.4); PSID: 9767a2935241; Credits: Muhammad Daffa...
WordPress Table of Contents Plus Plugin < 2309 is vulnerable to Cross Site Scripting (XSS)
Software: Table of Contents Plus; Type: Plugin; Vulnerable versions: < 2309; Fixed in: 2309; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (5.9); PSID: add1e3e311bd; Credits: Unknown; Required privilege...
WordPress Table of Contents Plus Plugin < 2212 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tableofcontentsplusproject:tableofcontentsplus"; if...
CVE-2022-4479
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
Cross site scripting
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4479
CVE-2022-4479 affects the WordPress plugin Table of Contents Plus v2212 and earlier. The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before echoing them in the page, enabling a Stored XSS attack. Impacted scenario: a user with as little as the...
CVE-2022-4479 Table of Contents Plus < 2212 - Contributor+ Stored XSS
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
PT-2023-14554 · WordPress · Table Of Contents Plus
Name of the Vulnerable Software and Affected Versions: Table of Contents Plus WordPress plugin versions prior to 2212. Description: The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as lo...
Table of Contents Plus < 2212 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. toc...