14 matches found
CVE-2022-2340
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2340
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2340
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2340 W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2022-2340
CVE-2022-2340 — Affected: W-DALIL WordPress plugin (≤ 2.0). Description: non-sanitized/escaped fields allow Stored XSS when unfiltered_html is disallowed (e.g., multisite). Impact: potential for script execution by high-privilege authenticated users (admin). CVSS 3.1 base score 4.8 (Medium) with ...
WordPress plugin W-DALIL cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress W-DALIL plugin <= 2.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mariam Tariq - HunterSherlock in WordPress W-DALIL plugin (versions <= 2.0). Solution: No patched version available...
W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Add/edit a Dali Item and put the following payload in...
W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for example in multisite setup. Add/edit a Dali Item and put the following payload in one...
WordPress W-DALIL 2.0 Cross Site Scripting Vulnerability
Exploit Title: WordPress Plugin W-DALIL - Stored Cross Site Scripting Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/w-dalil/ Version: 2.0 Tested on: Firefox Contact me: email protected Vulnerable Code: " value="" / Steps To Reproduce : 1 - First...
WordPress W-DALIL 2.0 Cross Site Scripting
Exploit Title: WordPress Plugin W-DALIL - Stored Cross Site Scripting Date: 27-06-2022 Exploit Author: Mariam Tariq - HunterSherlock Vendor Homepage: https://wordpress.org/plugins/w-dalil/ Version: 2.0 Tested on: Firefox Contact me: [email protected] Vulnerable Code: " value="" / Steps To...
Saudi Arabian smartphone application Dalil hit by a serious vulnerability: information of more than 500 million users leaked - vulnerability warning - the black bar safety net
Dalil is a smartphone application similar to Truecaller, but limited to users in Saudi Arabia and other Arab regions. Because the MongoDB database used by the application can be accessed online without entering a password, causing the continued leak of the user data of the we...
Saudi caller ID app Dalil leaked data of over 5 Million users
By Uzair Amir. Thanks to yet another unsecure MongoDB server. Dalil is a Saudi caller ID app that has reportedly been leaking user data because of storing it on an unsecure MongoDB server. Within a week, private data of over 5 million Dalil users has been leaked and the data is available online easi...