33 matches found
Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting
The plugin does not sanitise and escape Template data before outputting it in various pages such as the admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated user, such as a subscriber, is able to call it and perform...
Cross site scripting
The Simple Social Media Share Buttons WordPress plugin before 3.2.4 does not escape the Share Title setting before outputting it in the frontend pages or posts depending on the settings used, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html...
Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: The plugin requires the Storefront theme. Go to Appearance > Customize...
Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Floating Widget Settings Custom tex...
Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings before outputting them in various pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Floating Widget Settings Custom text fo...
Cross site scripting
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. To execute the XSS on all frontend pages and the plugin's settings page, add the following payload in the...
WPFront Notification Bar < 2.1.0.08087 - Authenticated Stored XSS
The plugin does not properly sanitise and escape its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: To execute the XSS on all frontend pages and the plugin's settings page, add the following payload in...
Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Message setting of the plugin: alert/XSS/ The XS...
Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The plugin does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Message setting of the plugin: The XSS will ...
Cookie Law Bar <= 1.2.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not properly sanitise its Bar Message setting, allowing high privilege users to set an XSS payload in it, which will be triggered in all frontend pages of the blog. PoC: As admin, go to the plugin settings /wp-admin/options-general.php?page=clb and set a payload such as in the Bar...
SQL injection vulnerability in the co***.aspx and de***.aspx files in the frontend of Gallery, a Qixing image & video library.
Qixing Image & Video Gallery is mainly used to store images or videos in the company. SQL injection vulnerability exists in the frontend co.aspx and de.aspx files of the Qixing Image & Video Gallery, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2018-12229
Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter, aka the By Author field...