23 matches found
WordPress Easy Pricing Tables <3.2.1 - Cross-Site Scripting
WordPress Easy Pricing Tables plugin before 3.2.1 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter before reflecting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled. id:...
PT-2024-38938 · WordPress · Easy Pricing Tables
Name of the Vulnerable Software and Affected Versions: Easy Pricing Tables plugin for WordPress versions up to, and including, 3.2.6 Description: The issue is related to Stored Cross-Site Scripting via the fontFamily attribute due to insufficient input sanitization and output escaping. This allow...
WordPress plugin Easy Pricing Tables 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Easy Pricing Tables plugin <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Easy Pricing Tables versions = 3.2.6...
WordPress Easy Pricing Tables Plugin <= 3.2.6 is vulnerable to Cross Site Scripting (XSS)
Software Easy Pricing Tables Type Plugin Vulnerable versions = 3.2.6 Fixed in 3.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8323 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 255a8654742f Credits Francesco Carlucci...
CVE-2024-8871 Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.5 - Reflected Cross-Site Scripting
The Pricing Tables WordPress Plugin – Easy Pricing Tables plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.5. This makes it possible for unauthenticated attackers to...
CVE-2024-8871
CVE-2024-8871 affects the Pricing Tables WordPress Plugin – Easy Pricing Tables. The vulnerability is a Reflected Cross‑Site Scripting flaw caused by using add_query_arg without proper escaping, present in all versions up to 3.2.5. It allows unauthenticated attackers to inject scripts into pages ...
WordPress Pricing Tables WordPress Plugin – Easy Pricing Tables plugin <= 3.2.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Easy Pricing Tables versions = 3.2.5...
WordPress Easy Pricing Tables Plugin <= 3.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Easy Pricing Tables Type Plugin Vulnerable versions = 3.2.5 Fixed in 3.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8871 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 642ead38dfc7 Credits vgo0 Required...
Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...
WordPress Easy Pricing Tables Plugin < 3.2.3 is vulnerable to Cross Site Scripting (XSS)
Software Easy Pricing Tables Type Plugin Vulnerable versions 3.2.3 Fixed in 3.2.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4654 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 544b1a3a176c Credits István Márton...
Pricing Tables WordPress Plugin – Easy Pricing Tables < 3.2.3 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. Note: Enable compatibility mode by going to the settings of the plugins. Exploit shortcode: easy-pricing-toggle...
WordPress Fatcat Apps Easy Pricing Tables plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Fatcat Apps Easy Pricing Tables plugin 3.1.2 and earlier versions contain a cross-site...
CVE-2021-36866
Authenticated author or higher role Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Easy Pricing Tables plugin = 3.1.2 at WordPress...
Cross site scripting
Authenticated author or higher role Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Easy Pricing Tables plugin = 3.1.2 at WordPress...
WordPress plugin Fatcat Apps Easy Pricing Tables 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Fatcat Apps Easy Pricing Tables plugin 3.1.2 and earlier versions contain a cross-site...
CVE-2021-36866 WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated author or higher role Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Easy Pricing Tables plugin = 3.1.2 at WordPress...
CVE-2021-36866
Summary: CVE-2021-36866 affects the Fatcat Apps Easy Pricing Tables WordPress plugin up to version 3.1.2. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of inputs in the plugin, enabling an authenticated user (author or hi...
CVE-2021-36866 WordPress Easy Pricing Tables plugin <= 3.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated author or higher role Stored Cross-Site Scripting XSS vulnerability in Fatcat Apps Easy Pricing Tables plugin = 3.1.2 at WordPress...
Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
The plugin does not sanitise and escape parameter before outputting it back in a page available to any user both authenticated and unauthenticated when a specific setting is enabled, leading to a Reflected Cross-Site Scripting PoC With the "Compatibility Mode"...