CVE-2024-8799

The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

CVE-2021-4407

The CVE-2021-4407 issue affects the Custom Banners WordPress plugin, where Cross-Site Request Forgery is possible due to missing/incorrect nonce validation in saveCustomFields(). Versions up to and including 3.2.2 are affected. Attackers without authentication could cause changes by tricking an a...

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

CVE-2021-4407 Custom Banners <= 3.2.2 - Cross-Site Request Forgery Bypass

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

PT-2023-12519 · WordPress · Custom Banners

Name of the Vulnerable Software and Affected Versions: Custom Banners plugin for WordPress versions up to and including 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticated...

WordPress Custom Banners plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by WPScan Team in WordPress Custom Banners plugin versions = 3.2.2. Solution Update the WordPress Custom Banners plugin to the latest available version at least 3.3...

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 PoC Send a request without the...

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 Send a request without the my-custom-fieldswpnonc...

Custom Banners 1.2.2.2 - Cross-Site Scripting (XSS)

The Custom Banners WordPress plugin was affected by a Cross-Site Scripting XSS security vulnerability...

CVE-2014-4724

Cross-site scripting XSS vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custombannersregisteredname parameter to wp-admin/options.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custombannersregisteredname parameter to wp-admin/options.php...

CVE-2014-4724

Cross-site scripting XSS vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custombannersregisteredname parameter to wp-admin/options.php...

WordPress Custom Banners 1.2.2.2 Cross Site Scripting

Exploit Title : Wordpress custom-banners 1.2.2.2 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org/plugins/custom-banners/ Software Link : http://downloads.wordpress.org/plugin/custom-banners.zip Date : 2014-06-28 Tested on : Windows 7 /...