WordPress plugin Image Hover Effects Ultimate 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-26442 · WordPress · Image Hover Effects Ultimate

Name of the Vulnerable Software and Affected Versions: Image Hover Effects Ultimate plugin versions prior to 9.7.1 Description: The issue concerns an authentication WordPress options change vulnerability in the Image Hover Effects Ultimate plugin. Recommendations: For versions prior to 9.7.1,...

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to the plugin settings Image Hover Effects Ima...

Image Hover Effects < 5.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to the plugin settings Image Hover Effects...

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Hover Effects » Hover Effects » Add...

WordPress Image Hover Effects Css3 <= 4.5 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Image Hover Effects Css3 versions = 4.5. Solution Deactivate and delete. This plugin has been closed as of November 1, 2022 and is not available for download. This closure is temporary, pending a full...

Image Hover Effects Css3 <= 4.5 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Hover Effects » Hover Effects » Add New...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability

Auth. WordPress Options Change vulnerability discovered by Vlad Vector Patchstack in the WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

The vulnerability of the Beaver Builder plugin of the WordPress content management system, related to the lack of protective measures for website structures, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Beaver Builder plugin of the WordPress content management system exists due to the lack of protection for website structures when images with the “Caption – On Hover” property are used. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...

CVE-2022-2937

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-2937

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-2937

CVE-2022-2937 — WordPress Image Hover Effects Ultimate is affected by a stored XSS vulnerability in the Image Hover feature. The issue stems from insufficient input sanitization and output escaping for the Title and Description fields when creating Image Hovers, enabling authenticated (low privil...

WordPress Plugin Image Hover Effects Ultimate 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

CVE-2022-2936

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Video Link values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2022-2935

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-2517

The Beaver Builder – WordPress Page Builder for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Caption - On Hover' value associated with images in versions up to, and including, 2.5.5.2 due to insufficient input sanitization and output escaping. This makes it possible for...

Cross site scripting

The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2022-2935

CVE-2022-2935 affects the Image Hover Effects Ultimate WordPress plugin (versions up to and including 9.7.3). The root cause is insufficient input sanitization and output escaping in the Media Image URL value added to an Image Hover. This enables Stored XSS where an authenticated attacker can inj...

CVE-2022-2936

The CVE-2022-2936 issue affects the WordPress plugin Image Hover Effects Ultimate (versions up to and including 9.7.3). It is a Stored Cross-Site Scripting vulnerability caused by insufficient input sanitization and output escaping of Video Link values added to an Image Hover. Authenticated attac...