6 matches found
CVE-2023-7084
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...
CVE-2023-7083 Voting Record <= 2.0 - Settings Update to Stored XSS via CSRF
The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-7084 Voting Record <= 2.0 - Subscriber+ Stored XSS
The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...
WordPress plugin Voting Record security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Voting Record security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Voting Record <= 2.0 - Subscriber+ Stored XSS
Description The plugin is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks PoC Have a subscriber open an HTML file containing the following: See the XSS when logged in as an admin and viewing recorded votes...