Lucene search
K

31 matches found

wpexploit
wpexploit
added 2021/03/14 12:0 a.m.521 views

Social Slider Widget < 1.8.5 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized /wp-admin/admin.php?page=settings-wisw&tokenerror=alert/XSS/;...

3.5CVSS1.9AI score0.00679EPSS
Exploits2References1
OSV
OSV
added 2021/02/03 4:15 p.m.4 views

CVE-2020-35482

SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS...

5.4CVSS6.1AI score0.01523EPSS
Exploits0References1
wpexploit
wpexploit
added 2021/02/02 12:0 a.m.134 views

Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS)

The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. http://example.com/wp-admin/edit.php?posttype=popupbuilder&page=sgpbSubscribers&sgpb-subscribers-date=%22%3E%3Cscript%3Ealert%28origin%29%3C%2Fscript%3E Video:...

0.9AI score0.00734EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/08/04 12:0 a.m.23 views

WordPress Newsletter Plugin < 6.8.2 Multiple Vulnerabilities

The WordPress plugin Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

8.8CVSS6.9AI score0.02082EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2020/06/03 12:0 a.m.15 views

Newspaper < 10.3.4 - Authenticated Reflected Cross-Site Scripting

Description Julio Potier, from Secupress, found an authenticated admin+ reflected XSS in the Newspaper theme...

6AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/01/29 12:0 a.m.43 views

Elementor Page Builder < 2.8.5 - Authenticated Reflected XSS

The Elementor Website Builder WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC /wp-admin/admin.php?page=elementor-system-info%22%3e%3cscript%0csrc%3d//0x7f000001%3e%3c/script%3e=1...

3.5CVSS2.3AI score0.01288EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2019/12/15 12:0 a.m.17 views

WordPress Quiz And Survey Master plugin <= 6.3.4 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability found by strongPiggg in WordPress Quiz And Survey Master plugin versions = 6.3.4. Solution Update the WordPress Quiz And Survey Master plugin to the latest available version at least 6.3.5...

6.1CVSS2AI score0.01663EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/09 12:0 a.m.23 views

Gallery Photoblocks < 1.1.43 - Authenticated Reflected XSS

The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. PoC When logged in with an account with administrator capabilities: https:///wp-admin/admin.php?page=photoblocks-edit="...

3.5CVSS0.9AI score0.01318EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2019/06/24 12:0 a.m.22 views

Custom 404 Pro < 3.2.9 - Authenticated Reflected XSS

The Custom 404 Pro WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability. Version...

4.3CVSS2.1AI score0.01869EPSS
Exploits2References1
Patchstack
Patchstack
added 2016/03/01 12:0 a.m.15 views

WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS

Because of this vulnerability, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to users. Solution Update the plugin...

2.6AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2015/08/04 12:0 a.m.14 views

Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. PoC http://www.example.com/wp-admin/admin.php?page=nf-processing=...

Exploits0References2Affected Software1
Rows per page
Query Builder