4 matches found
CVE-2023-2029
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress PrePost SEO 3.0 Cross Site Scripting
Tittle: WordPress Plugin PrePost SEO " 2. Save and see XSS exploit. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b...
CVE-2023-2029
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2029
CVE-2023-2029 concerns the PrePost SEO WordPress plugin (versions <= 3.0). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by improper sanitization of certain settings, enabling high-privilege users to inject script even when unfiltered_html is disallowed (e.g., multisite)...