66 matches found
CVE-2021-24601
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24601
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24601 WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24601
The CVE-2021-24601 entry concerns the WPFront Notification Bar WordPress plugin, affected versions prior to 2.1.0.08087. Root cause: improper sanitisation and escaping of plugin settings. Impact: authenticated users with high privileges can perform Cross-Site Scripting (XSS), even when unfiltered...
WordPress plugin WPFront Notification Bar 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin, which stems from version 2.1.0.08087 and prior...
WordPress WPFront Scroll Top Plugin < 2.0.7 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24564
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...
Cross site scripting
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...
CVE-2021-24564
The CVE covers WPFront Scroll Top for WordPress, affected versions before 2.0.6.07225. Vulnerability: authenticated stored XSS due to unfiltered/unterminated sanitization of the Image ALT attribute when outputting it. Root cause: lack of sanitization/escaping in the ALT setting leads to script ex...
CVE-2021-24564 WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...
WordPress plugin WPFront Scroll Top 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...
WordPress WPFront Notification Bar plugin cross-site scripting vulnerability
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WPFront Notification Bar plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in t...
CVE-2021-24518
The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...
CVE-2021-24518
The CVE describes an authenticated Stored XSS in the WPFront Notification Bar WordPress plugin prior to version 2.0.0.07176. The vulnerability arises because the plugin does not sanitize/escape its Custom CSS setting, allowing high-privilege users (e.g., admins) to inject XSS payloads even when u...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WPFront Notification Bar plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in t...
WordPress WPFront Notification Bar plugin <= 2.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Siddheshwar Vishwambhar Mane in WordPress WPFront Notification Bar plugin versions = 2.1.0. Solution Update the WordPress WPFront Notification Bar plugin to the latest available version at least 2.1.0.08087...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC To execute the XSS on all frontend pages and plugin's setting page, add the following payload in...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...
WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. Put the one of the payload below in the Image ALT setting of the plugin: The XSS will...
WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS
The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. PoC Put the one of the payload below in the Image ALT setting of the plugin: The XSS...