9 matches found
CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
Cross site scripting
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
PT-2022-20415 · WordPress · Wp Total Hacks
Name of the Vulnerable Software and Affected Versions: WP Total Hacks WordPress plugin versions through 4.7.2 Description: The issue allows low privilege users to modify the plugin's settings, potentially leading to Stored Cross-Site Scripting attacks against other users, including administrators...
WordPress plugin WP Total Hacks security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-3096
CVE-2022-3096 concerns the WP Total Hacks WordPress plugin (versions up to 4.7.2). The affected component is the plugin settings handling, where low-privilege users can modify settings due to insufficient sanitisation/escaping, enabling Stored XSS against other users (e.g., admins). The vulnerabi...
WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. PoC Run the below command...
WordPress WP Total Hacks plugin <= 4.7.2 - Auth. Arbitrary Options Update vulnerability leading to Stored Cross-Site Scripting (XSS)
Auth. Arbitrary Options Update vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Daniel Ruf in the WordPress WP Total Hacks plugin versions <= 4.7.2. Solution: Deactivate and delete. This plugin has been closed as of October 6, 2022 and is not available for download. This closu...
WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. Run the below command in...