Lucene search
+L

8 matches found

NVD
NVD
added 2021/09/13 6:15 p.m.39 views

CVE-2021-24619

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

4.8CVSS0.00617EPSS
Exploits2References1
CVE
CVE
added 2021/09/13 5:56 p.m.53 views

CVE-2021-24619

The CVE-2021-24619 refers to the WordPress Per Page Add to Head plugin (

4.8CVSS4.7AI score0.00617EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.49 views

CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

5AI score0.00617EPSS
Exploits2References1
CVE
CVE
added 2021/09/13 5:56 p.m.78 views

CVE-2021-24586

CVE-2021-24586 affects the WordPress plugin “Per page add to head” (versions before 1.4.4). The vulnerability arises from a lack of CSRF protection when saving settings, enabling a logged-in admin’s actions to be manipulated. The plugin also allows arbitrary HTML to be inserted in one setting, cr...

4.3CVSS4.5AI score0.00483EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.18 views

CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...

4.7AI score0.00483EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/09/13 12:0 a.m.7 views

WordPress plugin Per page add to head 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS5AI score0.00483EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/08/11 12:0 a.m.18 views

Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The plugin does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. PoC Put the following payload ...

4.8CVSS1AI score0.00617EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/08/11 12:0 a.m.19 views

WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions = 1.4.4. Solution This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...

4.8CVSS1.2AI score0.00617EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder