4 matches found
WordPress VK All in One Expansion Unit Plugin < 9.87.1.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vektor-inc:vkallinoneexpansionunit"; ifdescription...
CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2023-0937 VK All in One Expansion Unit < 9.87.1.0 - Reflected XSS
The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2023-0937
The CVE-2023-0937 entry concerns the VK All in One Expansion Unit WordPress plugin prior to 9.87.1.0. The root cause is failure to escape the $_SERVER[REQUEST_URI] value before echoing it into an attribute, enabling Reflected Cross-Site Scripting. Affected component is the WordPress plugin code h...