CVE-2023-0174

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin WP VR 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

WordPress WP VR plugin <= 8.5.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin WP VR versions = 8.5.4...

PT-2023-16966 · WordPress · Wp Vr

Name of the Vulnerable Software and Affected Versions: WP VR WordPress plugin versions prior to 8.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because some parameters are not properly sanitised and escaped before being outputted back in the page. Th...