2 matches found
WordPress和WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress WP Downgrade plugin version before 1.2.3 has a cross-site scripting vulnerability, which can be exploited by attackers to...
WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting
The plugin only perform client side validation of its "WordPress Target Version" settings, but does not sanitise and escape it server side, allowing high privilege users such as admin to perform Cross-Site attacks even when the unfilteredhtml capability is disallowed Access the settings of the...