31 matches found
Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)
The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized /wp-admin/admin.php?page=settings-wisw&tokenerror=alert/XSS/;...
CVE-2020-35482
SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS...
Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)
The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...
WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities
The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting
Description Julio Potier, from Secupress, found an authenticated admin+ reflected XSS in the Newspaper theme...
Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS
The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC /wp-admin/admin.php?page=elementor-system-info%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...
WordPress Quiz And Survey Master plugin <= 6.3.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability found by strongPiggg in WordPress Quiz And Survey Master plugin versions = 6.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 6.3.5...
Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS
The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC When logged in with an account with administrator capabilities: https:///wp-admin/admin.php?page=photoblocks-edit="...
Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS
The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. Version...
WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS
Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution Update the plugin...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...