WordPress Bulk Creator plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Bulk Creator plugin 1.0.1 and earlier versions have a cross-site scripting vulnerability that stems from a failure to clean...

CVE-2022-0647 Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2022-0647

CVE-2022-0647 concerns the WordPress plugin Bulk Creator (versions up to 1.0.1). The vulnerability is a straightforward Reflected Cross-Site Scripting caused by the plugin failing to sanitize and escape the post_type parameter before echoing it back on an admin page. The root cause, as described ...

Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. https://example.com/wp-admin/admin.php?page=bulk-creator&posttype="...

Bulk Creator <= 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitize and escape the posttype parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. PoC https://example.com/wp-admin/admin.php?page=bulk-creatortype="...

WordPress Bulk Creator plugin <= 1.0.1 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ran Crane in WordPress Bulk Creator plugin versions = 1.0.1. Solution Deactivate and delete. This plugin has been closed as of February 16, 2022 and is not available for download. This closure is temporary, pending a full review...