
5752 matches found

OpenVAS
added 2022/03/01 12:0 a.m., 11 views

WordPress CMP - Coming Soon & Maintenance Plugin < 4.0.19 CSS Update Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

5.3 CVSS; 5.4 AI score; 0.02375 EPSS
Exploits 2; References 1
NVD
added 2022/02/28 9:15 a.m., 16 views

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

6.1 CVSS; 0.01469 EPSS
Exploits 2; References 1
OSV
added 2022/02/28 9:15 a.m., 4 views

CVE-2021-24977

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

6.1 CVSS; 6.5 AI score; 0.01469 EPSS
Exploits 2; References 1
Prion
added 2022/02/28 9:15 a.m., 15 views

Cross site scripting

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

5.8 CVSS; 6.1 AI score; 0.01469 EPSS
Exploits 2; References 1; Affected Software 1
Cvelist
added 2022/02/28 9:6 a.m., 40 views

CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the...

6.3 AI score; 0.01469 EPSS
Exploits 2; References 1
CVE
added 2022/02/28 9:6 a.m., 94 views

CVE-2021-24977

The CVE relates to the WordPress plugin Use Any Font | Custom Font Uploader, versions prior to 6.2.1. The root cause is missing authorization checks when assigning a font, which allows unauthenticated users to append arbitrary CSS that the frontend processes for all users. In addition, insufficie...

6.1 CVSS; 6.2 AI score; 0.01469 EPSS
Exploits 2; References 1; Affected Software 1
Openbugbounty
added 2022/02/27 12:37 p.m., 9 views

aleksautospb.ru Cross Site Scripting vulnerability OBB-2385752

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
CNNVD
added 2022/02/18 12:0 a.m., 5 views

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that allows remote attackers to attack via...

7.5 CVSS; 8 AI score; 0.01544 EPSS
Exploits 1; References 3
CNVD
added 2022/02/10 12:0 a.m., 23 views

WordPress Visual CSS Style Editor plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Visual CSS Style Editor plugin in versions prior to 7.5.4 has a cross-site scripting vulnerability that stems from not cleaning up and escaping the wyp_page_type parameter. An attacker...

6.1 CVSS; 1.7 AI score; 0.01397 EPSS
Exploits 2; References 1
Openbugbounty
added 2022/02/06 3:57 p.m., 15 views

blerdnation.com Cross Site Scripting vulnerability OBB-2359222

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0
Redos
added 2022/02/02 12:0 a.m., 53 views

ROS-20220202-01

Vulnerability in the GLPI request and incident handling system, related to insufficient clearing of user data in the reset button. Exploitation of the vulnerability could allow an attacker, acting remotely, to force a victim to click on a specially crafted link and execute arbitrary HTML a...

6.1 CVSS; 6.7 AI score; 0.01134 EPSS
Exploits 0
OSV
added 2022/02/01 1:15 p.m., 7 views

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

6.1 CVSS; 6.4 AI score; 0.01397 EPSS
Exploits 2; References 2
OSV
added 2022/02/01 1:15 p.m., 4 views

CVE-2021-24686

The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

4.8 CVSS; 5.8 AI score; 0.00654 EPSS
Exploits 2; References 2
Prion
added 2022/02/01 1:15 p.m., 20 views

Cross site scripting

The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

4.3 CVSS; 6.1 AI score; 0.01397 EPSS
Exploits 2; References 2; Affected Software 1
CVE
added 2022/02/01 12:21 p.m., 70 views

CVE-2021-24934

The Visual CSS Style Editor WordPress plugin for versions before 7.5.4 is vulnerable to a Reflected Cross-Site Scripting (XSS) due to improper sanitization/escaping of the wyp_page_type parameter in admin output. This can enable injection of JavaScript via the parameter, as documented by the Nucl...

6.1 CVSS; 6 AI score; 0.01397 EPSS
Exploits 2; References 2; Affected Software 1
CNNVD
added 2022/02/01 12:0 a.m., 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Visual CSS Style Editor plugin in versions prior to 7.5.4 has a cross-site scripting vulnerability that stems from not cleaning up and escaping the wyp_page_type parameter. An attacker...

6.1 CVSS; 5.7 AI score; 0.01397 EPSS
Exploits 2; References 3
Kitploit
added 2022/01/31 11:30 a.m., 47 views

Bluffy - Convert Shellcode Into Different Formats!

Bluffy is a utility which was used in experiments to bypass Anti-Virus products statically by formatting shellcode into realistic looking data formats. Proof-of-concept tools, such as 0xBoku's NinjaUUIDRunner and ChoiSG's UuidShellcodeExec, inspired the initial concept for Bluffy. So far, we...

7.2 AI score
Exploits 0; References 5
WPVulnDB
added 2022/01/31 12:0 a.m., 26 views

Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The plugin does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues. PoC...

6.1 CVSS; 0.3 AI score; 0.01469 EPSS
Exploits 2; Affected Software 1
wpexploit
added 2022/01/31 12:0 a.m., 133 views

Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending

The plugin does not have any authorisation checks when assigning a font, allowing unauthenticated users to send arbitrary CSS which will then be processed by the frontend for all users. Due to the lack of sanitisation and escaping in the backend, it could also lead to Stored XSS issues...

6.1 CVSS; 0.01469 EPSS
Exploits 2
Patchstack
added 2022/01/31 12:0 a.m., 25 views

WordPress Use Any Font plugin <= 6.2 - Unauthenticated Arbitrary CSS Appending vulnerability

Unauthenticated Arbitrary CSS Appending vulnerability discovered by Krzysztof Zając in WordPress Use Any Font plugin versions <= 6.2. Solution: Update the WordPress Use Any Font plugin to the latest available version, at least 6.2.1...

6.1 CVSS; 3.2 AI score; 0.01469 EPSS
Exploits 2; References 3; Affected Software 1