15 matches found
CVE-2024-2907
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
EUVD-2021-23399
Malware in sbrugna...
CVE-2024-33627 WordPress AGCA – Custom Dashboard & Login Page plugin <= 7.2.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery SSRF vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2...
WordPress plugin AGCA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-2907
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2907
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2907 AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2907 AGCA – Custom Dashboard & Login Page < 7.2.2 - Admin+ Stored XSS via Image URL
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-2907
CVE-2024-2907 affects the AGCA – Custom Dashboard & Login Page WordPress plugin before version 7.2.2. The flaw stems from insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in ...
PT-2024-22695 · WordPress · Agca Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: AGCA WordPress plugin versions prior to 7.2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and escaped, a...
WordPress plugin AGCA 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Custom Dashboard & Login Page – AGCA plugin <= 6.9.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by 0ppr2s in WordPress Custom Dashboard & Login Page – AGCA plugin versions = 6.9.5. Solution Update the WordPress Custom Dashboard & Login Page – AGCA plugin to the latest available version at least 7.0...
CVE-2021-36823
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...
CVE-2021-36823
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...
CVE-2021-36823 WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS.This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...