EUVD-2021-11391

Malware in sbrugna...

WordPress DrawBlog plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.DrawBlog plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in DrawBlog WordPres...

CVE-2021-24479

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue...

CVE-2021-24479

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue...

Cross site scripting

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue...

CVE-2021-24479 DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)

The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue...

CVE-2021-24479

CVE-2021-24479 concerns the WordPress plugin DrawBlog (≤ 0.90). The vulnerability arises because the plugin does not sufficiently sanitize/validate certain settings before echoing them on the page, enabling an authenticated stored Cross-Site Scripting (XSS) condition. The issue requires authentic...

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.DrawBlog plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in DrawBlog WordPres...

DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue As admin, put the following payload in the "Checkbox reminder" setting of the plugin: "alert/XSS/...

DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue PoC As admin, put the following payload in the "Checkbox reminder" setting of the plugin: "...

WordPress Drawblog Plugin <= 0.80 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Upgrade the plugin...

WordPress Drawblog Plugin <= 0.80 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Upgrade the plugin...

drawblog - CSRF

The DrawBlog WordPress plugin was affected by a CSRF security vulnerability...