174 matches found
breadcrumb simple <= 1.3 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-35092
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...
CVE-2023-35092
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...
CVE-2023-35092 WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Abhay Yadav Breadcrumb simple plugin = 1.3 versions...
CVE-2023-35092
CVE-2023-35092 covers a stored XSS vulnerability in the WordPress breadcrumb-simple plugin up to version 1.3. The issue affects authenticated administrators (admin+) and can be triggered by malicious input stored by the plugin. Root cause is a stored XSS condition in the breadcrumb-simple plugin ...
WordPress plugin breadcrumb-simple 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-25141 · Unknown · Abhay Yadav Breadcrumb Simple Plugin
Name of the Vulnerable Software and Affected Versions: Abhay Yadav Breadcrumb simple plugin versions 1.3 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated administrators. This vulnerability allows an attacker to inject...
WordPress breadcrumb simple Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software breadcrumb simple Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35092 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 50a5e1d60df5 Credits Rio Darmawan Required...
CVE-2022-4836
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
Cross site scripting
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4836 Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4836
CVE-2022-4836 affects the Breadcrumb WordPress plugin prior to version 1.5.33. The vulnerability arises from not validating/escaping certain shortcode attributes before output, enabling Stored XSS where a low-privilege user (contributor) could compromise high-privilege users (admins). Public sour...
CVE-2022-4836 Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode
The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
WordPress plugin Breadcrumb 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Breadcrumb Plugin < 1.5.33 is vulnerable to Cross Site Scripting (XSS)
Software Breadcrumb Type Plugin Vulnerable versions 1.5.33 Fixed in 1.5.33 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4836 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 68e0f577b655 Credits Lana Codes Required...
Breadcrumb < 1.5.33 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
CVE-2022-2149
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2149
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...