Lucene search
+L

131 matches found

WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.20 views

E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping

Description The plugin does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC 1 Create a new template on...

4.8CVSS4.8AI score0.00402EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2022/03/09 12:0 a.m.52 views

WordPress E2Pdf Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress E2Pdf Plugin versions prior to 1.16.45 that stems fro...

4.8CVSS4.9AI score0.01262EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.8 views

CVE-2022-0535

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.01262EPSS
Exploits2References4
OSV
OSV
added 2022/03/07 9:15 a.m.4 views

CVE-2022-0535

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.01262EPSS
Exploits2References2
NVD
NVD
added 2022/03/07 9:15 a.m.27 views

CVE-2022-0535

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.01262EPSS
Exploits2References2
Prion
Prion
added 2022/03/07 9:15 a.m.23 views

Cross site scripting

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.6AI score0.01262EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2022/03/07 8:16 a.m.29 views

CVE-2022-0535 E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)

The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.01262EPSS
Exploits2References2
CVE
CVE
added 2022/03/07 8:16 a.m.110 views

CVE-2022-0535

WordPress E2Pdf plugin prior to 1.16.45 is affected. The vulnerability is a Cross-Site Scripting flaw caused by insufficient sanitization/escaping of certain settings, allowing an attacker to inject scripts in the context of authenticated users even when unfiltered_html is disallowed. Impact coul...

4.8CVSS4.7AI score0.01262EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/03/07 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress E2Pdf Plugin versions prior to 1.16.45 that stems fro...

4.8CVSS5.7AI score0.01262EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2022/02/09 12:0 a.m.18 views

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98....

4.8CVSS1.1AI score0.01262EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/02/09 12:0 a.m.118 views

E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS)

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Refer to https://mikadmin.fr/tech/XSS-Stored-E2Pdf-798ef69b0e13c36acf5446358d57c965Dx90666bNvCw98.pdf...

4.8CVSS1.8AI score0.01262EPSS
Exploits2References1
Rows per page
Query Builder