Lucene search
K

66 matches found

NVD
NVD
added 2021/09/06 11:15 a.m.17 views

CVE-2021-24601

The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS0.00624EPSS
Exploits2References1
OSV
OSV
added 2021/09/06 11:15 a.m.2 views

CVE-2021-24601

The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/09/06 11:9 a.m.22 views

CVE-2021-24601 WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The WPFront Notification Bar WordPress plugin before 2.1.0.08087 does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.3AI score0.00624EPSS
Exploits2References1
CVE
CVE
added 2021/09/06 11:9 a.m.45 views

CVE-2021-24601

The CVE-2021-24601 entry concerns the WPFront Notification Bar WordPress plugin, affected versions prior to 2.1.0.08087. Root cause: improper sanitisation and escaping of plugin settings. Impact: authenticated users with high privileges can perform Cross-Site Scripting (XSS), even when unfiltered...

5.4CVSS5.1AI score0.00624EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/09/06 12:0 a.m.6 views

WordPress plugin WPFront Notification Bar 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin, which stems from version 2.1.0.08087 and prior...

5.4CVSS5.3AI score0.00624EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2021/09/03 12:0 a.m.9 views

WordPress WPFront Scroll Top Plugin < 2.0.7 XSS Vulnerability

The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

5.4CVSS7AI score0.0062EPSS
Exploits2References2
NVD
NVD
added 2021/08/23 12:15 p.m.36 views

CVE-2021-24564

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...

5.4CVSS0.0062EPSS
Exploits2References1
Prion
Prion
added 2021/08/23 12:15 p.m.20 views

Cross site scripting

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...

3.5CVSS5.3AI score0.0062EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/08/23 11:10 a.m.58 views

CVE-2021-24564

The CVE covers WPFront Scroll Top for WordPress, affected versions before 2.0.6.07225. Vulnerability: authenticated stored XSS due to unfiltered/unterminated sanitization of the Image ALT attribute when outputting it. Root cause: lack of sanitization/escaping in the ALT setting leads to script ex...

5.4CVSS5.2AI score0.0062EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/08/23 11:10 a.m.30 views

CVE-2021-24564 WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS

The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed...

5.5AI score0.0062EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/08/23 12:0 a.m.15 views

WordPress plugin WPFront Scroll Top 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

5.4CVSS5.6AI score0.0062EPSS
Exploits2References1
CNVD
CNVD
added 2021/08/18 12:0 a.m.15 views

WordPress WPFront Notification Bar plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WPFront Notification Bar plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in t...

4.8CVSS4.8AI score0.00695EPSS
Exploits2References1
OSV
OSV
added 2021/08/16 11:15 a.m.5 views

CVE-2021-24518

The WPFront Notification Bar WordPress plugin before 2.0.0.07176 does not sanitise or escape its Custom CSS setting, allowing high privilege users such as admin to set XSS payload in it even when the unfilteredhtml capability is disallowed, leading to an authenticated Stored Cross-Site Scripting...

4.8CVSS5.8AI score0.00695EPSS
Exploits2References2
CVE
CVE
added 2021/08/16 10:48 a.m.43 views

CVE-2021-24518

The CVE describes an authenticated Stored XSS in the WPFront Notification Bar WordPress plugin prior to version 2.0.0.07176. The vulnerability arises because the plugin does not sanitize/escape its Custom CSS setting, allowing high-privilege users (e.g., admins) to inject XSS payloads even when u...

4.8CVSS4.6AI score0.00695EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/16 12:0 a.m.2 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WPFront Notification Bar plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in t...

4.8CVSS5.3AI score0.00695EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.7 views

WordPress WPFront Notification Bar plugin <= 2.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Siddheshwar Vishwambhar Mane in WordPress WPFront Notification Bar plugin versions = 2.1.0. Solution Update the WordPress WPFront Notification Bar plugin to the latest available version at least 2.1.0.08087...

1.7AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.19 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC To execute the XSS on all frontend pages and plugin's setting page, add the following payload in...

5.4CVSS0.4AI score0.00624EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/08/09 12:0 a.m.569 views

WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS

The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. To execute the XSS on all frontend pages and plugin's setting page, add the following payload in the...

5.4CVSS5.1AI score0.00624EPSS
Exploits2
wpexploit
wpexploit
added 2021/07/26 12:0 a.m.635 views

WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS

The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. Put the one of the payload below in the Image ALT setting of the plugin: The XSS will...

3.5CVSS5.3AI score0.0062EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.18 views

WPFront Scroll Top < 2.0.6.07225 - Authenticated Stored XSS

The plugin does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting issues even when the unfilteredhtml capability is disallowed. PoC Put the one of the payload below in the Image ALT setting of the plugin: The XSS...

3.5CVSS0.8AI score0.0062EPSS
Exploits2Affected Software1
Rows per page
Query Builder