Lucene search
K

4 matches found

0day.today
0day.today
added 2018/04/11 12:0 a.m.44 views

Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729...

4.3CVSS0.0563EPSS
Exploits7
Exploit DB
Exploit DB
added 2018/04/05 12:0 a.m.34 views

WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting

Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE :...

6.1CVSS6.3AI score0.0563EPSS
Exploits7
ATTACKERKB
ATTACKERKB
added 2018/03/15 5:29 p.m.6 views

CVE-2018-8729

Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

6.1CVSS5.5AI score0.0563EPSS
Exploits7References7
CVE
CVE
added 2018/03/15 5:0 p.m.61 views

CVE-2018-8729

CVE-2018-8729 describes multiple Stored XSS flaws in the WordPress Activity Log plugin (aryo-activity-log) prior to 2.4.1. The vulnerability stems from unescaped post/title data stored in logs (e.g., get_the_title calls), allowing remote attackers to inject JavaScript/HTML. Public exploit routes ...

6.1CVSS6AI score0.0563EPSS
Exploits7References5Affected Software1
Rows per page
Query Builder