16 matches found
CVE-2024-10709
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress YaDisk Files plugin <= 1.2.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions = 1.2.5...
WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions = 1.2.5...
CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10709
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10709
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10710
CVE-2024-10710 (YaDisk Files WordPress plugin) affects YaDisk Files up to version 1.2.5. The Red Hat and other sources confirm the issue: the plugin does not sanitise/escape certain settings, enabling Stored XSS by high-privilege users (admin) even when unfiltered_html is disallowed. Technical de...
CVE-2024-10710 YaDisk Files <= 1.2.5 - Admin+ Stored XSS
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10710 YaDisk Files <= 1.2.5 - Admin+ Stored XSS
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10709 YaDisk Files <= 1.2.5 - Contributor+ Stored XSS via Shortcode
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin YaDisk Files 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress YaDisk Files Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software YaDisk Files Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10710 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 827a3585508c Credits WPscan Required privilege...
WordPress YaDisk Files Plugin <= 1.2.5 is vulnerable to Cross Site Scripting (XSS)
Software YaDisk Files Type Plugin Vulnerable versions = 1.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10709 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4a2ea7269829 Credits WPscan Required privilege...
WordPress plugin YaDisk Files 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-16483
Name of the Vulnerable Software and Affected Versions YaDisk Files WordPress plugin versions 1.2.5 and earlier Description The YaDisk Files WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...