6 matches found
CVE-2021-24664
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...
WordPress WPSchoolPress 2.1.16 Plugin - (Multiple) Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.04 over WordPress...
WordPress WPSchoolPress 2.1.16 Cross Site Scripting
Exploit Title: WordPress Plugin WPSchoolPress 2.1.16 - 'Multiple' Cross Site Scripting XSS Date: 20/08/2021 Exploit Author: Davide Taraschi Vendor Homepage: https://wpschoolpress.com/ Software Link: https://wpschoolpress.com/free-download/ Version: up to 2.1.17 non included Tested on: Ubuntu 20.0...
CVE-2021-24664
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...
CVE-2021-24664 WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...
CVE-2021-24664
CVE-2021-24664: The WordPress plugin WPSchoolPress (School Management System) versions before 2.1.17 are vulnerable to Stored Cross-Site Scripting. The root cause is insufficient escaping of data output in attributes after sanitise_text_field() processing. Exploitable in the WordPress admin conte...