10 matches found
EUVD-2021-11442
Malware in sbrugna...
CVE-2021-24530
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24530
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24530
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2021-24530
CVE-2021-24530 affects the WordPress Alojapro Widget plugin up to version 1.1.15. The vulnerability arises from improper sanitisation of Custom CSS settings, enabling authenticated, high-privilege users to perform stored XSS even when unfiltered_html is disabled. Reported PoCs show injected scrip...
WordPress plugin cross-site scripting vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Alojapro Widget 1.1.15 and earlier versions, which stems from the plugin not properly cleaning up its custom CSS settings, allowing an elevated privilege user t...
Alojapro Widget < 1.1.16 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following code in the Custom CSS settings of the plugin: setTimeout"alert'1'",3000...
Alojapro Widget < 1.1.16 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following code in the Custom CSS settings of the plugin: setTimeout"alert'1'",3000...
WordPress Alojapro Widget plugin <= 1.1.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by xiahao in WordPress Alojapro Widget plugin versions <= 1.1.15. Solution: Update the WordPress Alojapro Widget plugin to the latest available version (at least 1.1.16)...