2 matches found
WP Brutal AI < 2.06 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: In the plugin settings, for a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the companyname parameter to...