CVE-2022-2426

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

CVE-2022-2426

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

CVE-2022-2426

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

CVE-2022-2426

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

Cross site scripting

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

CVE-2022-2426 Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators...

CVE-2022-2426

The CVE-2022-2426 entry concerns the Thinkific Uploader WordPress plugin (versions ≤ 1.0.0). The vulnerability is a Stored Cross-Site Scripting (XSS) issue caused by the plugin not sanitising and escaping its settings, enabling high-privilege users (e.g., administrators) to inject XSS that could ...

WordPress plugin Thinkific Uploader 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2022-16570 · WordPress · Thinkific Uploader

Name of the Vulnerable Software and Affected Versions: Thinkific Uploader WordPress plugin versions 1.0.0 and earlier Description: The issue concerns the lack of sanitization and escaping of settings in the plugin, which could allow high-privilege users, such as administrators, to perform Stored...

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. PoC Put the following payload in any of the settings: "...

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. Put the following payload in any of the settings: "...

WordPress Thinkific Uploader plugin <= 1.0.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Raad Haddad in WordPress Thinkific Uploader plugin versions = 1.0.0. Solution Deactivate and delete. This plugin has been closed as of July 15, 2022 and is not available for download. This closure is temporary, pending a fu...