5 matches found
CVE-2021-24426
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
WordPress plugin has an unspecified vulnerability (CNVD-2021-59599)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. Backup by 10Web WordPress Plugin 1.0.20 and earlier has...
Cross site scripting
The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue...
CVE-2021-24426
The CVE-2021-24426 issue affects the WordPress plugin Backup by 10Web – Backup and Restore (versions up to 1.0.20). The underlying flaw is failure to sanitize/escape the tab parameter before echoing it in the page, which enables a reflected Cross-Site Scripting (XSS) vulnerability. Several connec...
Backup by 10Web <= 1.0.20 - Reflected Cross-Site Scripting (XSS)
The plugin does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting issue PoC http://example.com/wp-admin/admin.php?page=buwdrestore=general%22%3E%3Cimg%20src=x%20onerror=alertdocument.domain;%20m0ze...