4 matches found
CVE-2022-0994
CVE-2022-0994 : The WordPress Hummingbird plugin (versions Configs. Remediation: upgrade to version 3.3.2 or later. If upgrading isn’t possible, applying vendor-provided patches or mitigations per advisories is advised.
CVE-2022-0994 Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting
The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress Hummingbird Plugin < 3.3.2 - Stored Cross-Site Scripting Vulnerability
Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...
WordPress Hummingbird Cross Site Scripting
Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...