CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories=%2F with drtsformbuildid parameter containing the XSS payload and t parameter...

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with drtsformbuildid parameter containing the XSS payload and t paramet...

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with drtsformbuildid parameter containing the XSS payload and t paramet...

Cross site scripting

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with drtsformbuildid parameter containing the XSS payload and t paramet...

Cross site scripting

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVE-2020-29304

CVE-2020-29304 concerns the SabaiApps WordPress Directories Pro plugin (versions ≤ 1.3.45). The vulnerability arises because the plugin did not sanitize inputs during CSV import, enabling arbitrary HTML/JavaScript injection when a site administrator is prompted to import a crafted CSV file. The r...

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

CVE-2020-29303

SabaiApps Directories Pro plugin for WordPress (version 1.3.45) contains an XSS vulnerability in the POST path /wp-admin/admin.php?page=drts/directories, caused by unsanitized _drts_form_build_id and an accompanying _t token. The issue enables arbitrary script/HTML injection and is fixed in versi...

CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with drtsformbuildid parameter containing the XSS payload and t paramet...

WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability found by Jack Misiura The Missing Link in WordPress Directories Pro premium plugin versions = 1.3.45. Solution Update the WordPress Directories Pro premium plugin to the latest available version at least 1.3.46...

WordPress Directories Pro premium plugin <= 1.3.45 - Authenticated Self-Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Self-Reflected Cross-Site Scripting XSS vulnerability found by ack Misiura The Missing Link in WordPress Directories Pro premium plugin versions = 1.3.45. Solution Update the WordPress Directories Pro premium plugin to the latest available version at least 1.3.46...

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting

The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. PoC Iimport a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...

Directories Pro < 1.3.46 - Authenticated Self-Reflected Cross-Site Scripting

The plugin did not sanitise the column names when importing a malicious CSV file, allowing for HTML or JavaScript injection. Iimport a CSV file containing the following in the header: 'term" autofocus onfocus=alert'Complex\u0020XSS';alertdocument.cookie;//'"...

Directories Pro < 1.3.46 - Authenticated Reflected Cross-Site Scripting

The plugin did not sanitise the drtsformbuildid parameter in a POST request to /wp-admin/admin.php?page=drts/directories, allowing for HTML or JavaScript injection...