CVE-2022-36417

Multiple Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability in 3D Tag Cloud plugin = 3.8 at WordPress...

CVE-2022-36417

CVE-2022-36417 concerns the WordPress plugin 3D Tag Cloud (Cardoza) up to version ≤ 3.8. The connected sources confirm a Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in this plugin. The root cause indicated across multiple records is lack of proper request...

WordPress plugin 3D Tag Cloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress 3D Tag Cloud plugin <= 3.8 - Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability

Multiple Stored Cross-Site Scripting XSS via Cross-Site Request Forgery CSRF vulnerability discovered by Rasi Afeef in WordPress 3D Tag Cloud plugin versions = 3.8. Solution No patched version is available. No reply from the vendor...

CVE-2022-2412

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2412

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2412 Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2412

CVE-2022-2412 affects the WordPress plugin Better Tag Cloud up to version 0.99.5. The root cause is failure to sanitize/escape certain settings, enabling a Stored Cross-Site Scripting (XSS) attack when the unfiltered_html capability is disallowed (e.g., in multisite). The impact is described as r...

WordPress plugin Better Tag Cloud 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2022-16476 · WordPress · Better Tag Cloud

Name of the Vulnerable Software and Affected Versions: Better Tag Cloud WordPress plugin versions prior to 0.99.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a...

WordPress Better Tag Cloud plugin <= 0.99.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Vinay Varma Mudunuri, Krishna Harsha Kondaveeti in WordPress Better Tag Cloud plugin versions = 0.99.5. Solution Deactivate and delete. This plugin has been closed as of July 14, 2022 and is not available for download. This...

WordPress WordPress Tag Cloud Plugin – Tag Groups plugin < 1.43.10.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Tag Cloud Plugin – Tag Groups plugin versions 1.43.10.1. Solution Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version at least 1.43.10.1...

WordPress Cool Tag Cloud plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

CVE-2021-24682

The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cooltagcloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

CVE-2021-24682

The CVE-2021-24682 entry concerns the WordPress Cool Tag Cloud plugin (versions prior to 2.26). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by failure to escape the style attribute in the cool_tag_cloud shortcode, enabling an attacker with as little as Contributor privile...

WordPress 跨站脚本漏洞

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Cool Tag Cloud plugin in versions prior to 2.26 suffers from a cross-site scripting vulnerability...

WordPress Cool Tag Cloud plugin <= 2.25 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Cool Tag Cloud plugin versions = 2.25. Solution Update the WordPress Cool Tag Cloud plugin to the latest available version at least 2.26...

Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting

The plugin does not escape the style attribute of the cooltagcloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. cooltagcloud style='" style="animation-name:twentytwentyone-close-button-transition" onanimationend="alert/XSS/'...

CVE-2012-4451

Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 Debug, 2 Feed\PubSubHubbub, 3 Log\Formatter\Xml, 4 Tag\Cloud\Decorator, 5 Uri, 6 View\Helper\HeadStyle, 7...

UBUNTU-CVE-2012-4451

Multiple cross-site scripting XSS vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 Debug, 2 Feed\PubSubHubbub, 3 Log\Formatter\Xml, 4 Tag\Cloud\Decorator, 5 Uri, 6 View\Helper\HeadStyle, 7...