3 matches found
WordPress Evaluate plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Evaluate plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariah Almotlag in the WordPress Evaluate plugin versions = 1.0. Solution No patched version available...
Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Go to Settings ยป Evaluate ยป Add New. 2...