11 matches found
WordPress Flattr plugin <= 1.2.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Flattr versions <= 1.2.2...
CVE-2024-3920
The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-3920
The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-3920
The CVE-2024-3920 entry covers the Flattr WordPress plugin (versions
CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS
The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-3920 Flattr <= 1.2.2 - Admin+ Stored XSS
The Flattr WordPress plugin through 1.2.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
WordPress Flattr Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Flattr; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-3920; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 7b3c04a81031; Credits: Bob Matyas; Required privilege...
WordPress plugin Flattr security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Flattr <= 1.2.2 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. 1. Go to "Flattr" settings 2. In the...
Flattr <= 1.2.2 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup. PoC: 1. Go to "Flattr" settings 2. In...
Instagram Photo Upload and Flattr Money Redirection Vulnerability
Affected app: Instagram Android/iOS Affected versions: 4.0.2, 4.1.2 and 4.2.7, probably also earlier versions affected. Summary Last year and earlier this year some vulnerabilities in Instagram Android/iOS were discovered, which give an attacker the ability to like and delete photos in the name o...