3 matches found
WordPress Plugin Oficial – Getnet para WooCommerce plugin < 1.8.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Plugin Oficial – Getnet para WooCommerce versions 1.8.1...
CVE-2025-1289
The CVE-2025-1289 entry concerns the Plugin Oficial WordPress plugin up to version 1.7.3. The vulnerability is a stored XSS risk caused by insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject XSS even when unfiltered_html is disallowed (no...
CVE-2025-1289 Plugin Oficial – Getnet para WooCommerce <= 1.7.3 - Admin+ Stored XSS
The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...