EUVD-2021-11493

Malware in sbrugna...

WordPress plugin Blue Admin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Blue Admin plugin <= 21.06.01 - Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS)

Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS discovered by ABISHEIK M in WordPress Blue Admin plugin versions = 21.06.01. Solution Deactivate and delete. This plugin has been closed as of May 28, 2021 and is not available for download. Reason: Security Issue...

Blue Admin <= 21.06.01 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape its "Logo Title" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its settings, allowing the issue to be exploited via a CSRF attack. PoC Add the...