291 matches found
WordPress plugin Featured Image from URL (FIFU) 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-15412 · WordPress · Featured Image From Url
Name of the Vulnerable Software and Affected Versions: Featured Image from URL FIFU WordPress plugin versions prior to 4.0.1 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress plugin Featured Image from URL (FIFU) 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Featured Image from URL plugin <= 3.9.9 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Raad Haddad in WordPress Featured Image from URL plugin versions = 3.9.9. Solution Update the WordPress Featured Image from URL plugin to the latest available version at least 4.0.0...
Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues PoC All...
CVE-2021-24932
The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Auto Featured Image Auto Post Thumbnail WordPress plugin before 3.9.3 does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24932
The CVE-2021-24932 entry concerns the WordPress plugin Auto Featured Image (Auto Post Thumbnail) prior to version 3.9.3. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw caused by insufficient sanitisation/escaping of the post_id parameter in an admin page output within a JS block...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. Auto Featured Image Plugin is a WordPress open source application plugin. WordPress Auto Featured Image Plugin prio...
Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the postid parameter before outputting back in an admin page within a JS block, leading to a Reflected Cross-Site Scripting issue. PoC https://example.com/wp-admin/upload.php?page=menu-media-aptid=alert/XSS/...
WordPress Auto Featured Image (Auto Post Thumbnail) plugin <= 3.9.2 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Auto Featured Image Auto Post Thumbnail plugin versions = 3.9.2. Solution Update the WordPress Auto Featured Image Auto Post Thumbnail plugin to the latest available version at least 3.9.3...