A PinchTab Security Policy Bypass in /wait Allows Arbitrary JavaScript Execution

Summary PinchTab v0.8.3 through v0.8.5 allow arbitrary JavaScript execution through POST /wait and POST /tabs/id/wait when the request uses fn mode, even if security.allowEvaluate is disabled. POST /evaluate correctly enforces the security.allowEvaluate guard, which is disabled by default. Howeve...

PT-2019-9287 · WordPress · Wp All Import

Name of the Vulnerable Software and Affected Versions: WP All Import plugin version 3.4.9 Description: The issue concerns an XSS vulnerability via the action=evaluate endpoint. It is noted that the vendor does not consider this a vulnerability, as the plugin can only be used by a logged-in...