WordPress GN Publisher <1.5.6 - Cross-Site Scripting

WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow th...

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS Vulnerability

WordPress plugins Watu Quiz versions 3.3.9 and below, GN Publisher versions 1.5.5 and below, and Japanized For WooCommerce versions 2.5.4 and below suffer from cross site scripting vulnerabilities. Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected...

WordPress Watu Quiz 3.3.9 / GN Publisher 1.5.5 / Japanized For WooComerce 2.5.4 XSS

Description: Reflected Cross-Site Scripting Affected Plugin: Watu Quiz Plugin Slug: watu Affected Versions: = 3.3.9 CVE ID: CVE-2023-0968 CVSS Score: 6.1 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Researcher/s: Marco Wotschka Fully Patched Version: 3.3.9.1 Description:...

Multiple Reflected Cross-Site Scripting Vulnerabilities in Three WordPress Plugins Patched

The Wordfence Threat Intelligence Team recently disclosed several Reflected Cross-Site Scripting vulnerabilities that we discovered in three different plugins - Watu Quiz installed on 5,000 sites, GN-Publisher installed on 40,000 sites, and Japanized For WooCommerce installed on 10,000 sites. As...

WordPress GN Publisher Plugin <= 1.5.5 is vulnerable to Cross Site Scripting (XSS)

Software GN Publisher Type Plugin Vulnerable versions = 1.5.5 Fixed in 1.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1080 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 791c76b450de Credits Marco Wotschka Required...

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2023-1080

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

Cross site scripting

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2023-1080

CVE-2023-1080 relates to the WordPress GN Publisher plugin. The GN Publisher plugin is vulnerable up to version 1.5.5 to a reflected Cross‑Site Scripting (XSS) via the tab parameter due to insufficient input sanitization and output escaping. An unauthenticated attacker could cause a user’s browse...

CVE-2023-1080 GN Publisher <= 1.5.5 - Reflected Cross-Site Scripting

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

WordPress plugin GN Publisher 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2023-16738 · WordPress · Gn Publisher

Name of the Vulnerable Software and Affected Versions: GN Publisher plugin for WordPress versions up to, and including, 1.5.5 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...

GN Publisher < 1.5.6 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC...

GN Publisher < 1.5.6 - Reflected XSS

The plugin does not sanitise and escape the tab parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...