EUVD-2021-11215

Malware in sbrugna...

CVE-2021-24301

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...

WordPress Canecto Connecticator plugin <= 1.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Canecto Connecticator plugin versions = 1.0.0. Solution No patched version available...

WordPress Hotjar Connecticator plugin <= 1.1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Hotjar Connecticator plugin versions = 1.1.1. Solution No patched version available...

WordPress Hotjar Connecticator plugin <= 1.1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Hotjar Connecticator plugin versions = 1.1.1. Solution No patched version available...

WordPress Canecto Connecticator plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Canecto Connecticator plugin versions = 1.0.0. Solution No patched version available...

CVE-2021-24301

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...

CVE-2021-24301

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...

Cross site scripting

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...

CVE-2021-24301

The CVE-2021-24301 entry applies to the WordPress plugin Hotjar Connecticator (

CVE-2021-24301 Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...

WordPress Hotjar Connecticator plugin <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Kishore Hariram in WordPress Hotjar Connecticator plugin versions = 1.1.1. Solution This plugin has been closed as of May 5, 2021 and is not available for download. This closure is temporary, pending a full review...

Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. Step 1: Install and activate the plugin "Hotjar...

Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin was vulnerable to Stored Cross-Site Scripting XSS in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. PoC Step 1: Install and activate the plugin "Hotjar...