8 matches found
CVE-2021-24619
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24619
The CVE-2021-24619 refers to the WordPress Per Page Add to Head plugin (
CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...
CVE-2021-24586
CVE-2021-24586 affects the WordPress plugin “Per page add to head” (versions before 1.4.4). The vulnerability arises from a lack of CSRF protection when saving settings, enabling a logged-in admin’s actions to be manipulated. The plugin also allows arbitrary HTML to be inserted in one setting, cr...
CVE-2021-24586 Per Page Add to Head < 1.4.4 - CSRF to Stored XSS
The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this...
WordPress plugin Per page add to head 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS
The plugin does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues. Note: The plugin is no longer maintained. PoC Put the following payload ...
WordPress Per page add to head plugin <= 1.4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Prashant Karman Patel in WordPress Per page add to head plugin versions = 1.4.4. Solution This plugin has been closed as of June 7, 2021 and is not available for download. Reason: Security Issue...