131 matches found
E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping
Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC 1 Create a new template on...
WordPress E2Pdf Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress E2Pdf Plugin versions prior to 1.16.45 that stems fro...
CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0535
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0535 E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0535
WordPress E2Pdf plugin prior to 1.16.45 is affected. The vulnerability is a Cross-Site Scripting flaw caused by insufficient sanitization/escaping of certain settings, allowing an attacker to inject scripts in the context of authenticated users even when unfiltered_html is disallowed. Impact coul...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress E2Pdf Plugin versions prior to 1.16.45 that stems fro...
E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98....
E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf...