10 matches found
WordPress Widgets on Pages plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Widgets on Pages versions = 1.7...
CVE-2022-4488
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...
WordPress Widgets on Pages Plugin < 1.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Widgets on Pages Type Plugin Vulnerable versions 1.8.1 Fixed in 1.8.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1d4d2801eca1 Credits Rafie Muhammad Patchstack Require...
CVE-2022-4488
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...
CVE-2022-4488 Widgets on Pages < 1.8.0 - Contributor+ Stored XSS
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...
CVE-2022-4488
The CVE (CVE-2022-4488) affects the WordPress Widgets on Pages plugin older than 1.8.0. The issue is that shortcode attributes are not validated or escaped before being echoed, enabling Stored XSS that could target high-privilege admins, with any contributor-level user potentially triggering payl...
PT-2023-14565 · WordPress · Widgets On Pages
Name of the Vulnerable Software and Affected Versions: Widgets on Pages WordPress plugin versions prior to 1.8.0 Description: The issue concerns the failure to validate and escape shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scriptin...
WordPress plugin Widgets on Pages 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Widgets on Pages <= 1.7.0 - Contributor+ Stored XSS
The plugin does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC widgetsonpages...
WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...