WordPress W3 Total Cache Plugin < 2.1.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:boldgrid:w3totalcache"; if description...

WordPress W3 Total Cache plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...

CVE-2021-24436

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince ...

CVE-2021-24436

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince ...

CVE-2021-24452

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

CVE-2021-24452

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

Cross site scripting

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

CVE-2021-24452 W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript...

CVE-2021-24452

The CVE-2021-24452 entry concerns the WordPress plugin W3 Total Cache prior to version 2.1.5. The vulnerability is a reflected XSS in the Extension parameter on the Extensions dashboard, triggered when the setting “Anonymously track usage to improve product quality” is enabled; the parameter is o...

CVE-2021-24436 W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince ...

CVE-2021-24436

The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...

WordPress和W3 Total Cache 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache prior to version...

WordPress W3 Total Cache Code Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

CVE-2021-24427 W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

CVE-2021-24427

The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...