4 matches found
Wordpress Activity Log 2.4.0 Plugin - Stored Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729...
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE :...
CVE-2018-8729
Multiple cross-site scripting XSS vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...
CVE-2018-8729
CVE-2018-8729 describes multiple Stored XSS flaws in the WordPress Activity Log plugin (aryo-activity-log) prior to 2.4.1. The vulnerability stems from unescaped post/title data stored in logs (e.g., get_the_title calls), allowing remote attackers to inject JavaScript/HTML. Public exploit routes ...