CVE-2022-29424

Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...

WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Nguy Minh Tuan Patchstack Alliance in WordPress Image Hover Effects Ultimate plugin versions = 9.7.1. Solution Update the WordPress Image Hover Effects Ultimate plugin to the latest available version at least 9.7.2...

WordPress Text Hover plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Text Hover plugin, which stems from the fact that the plugin does not clean up and...

CVE-2022-0737

The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-0737

The CVE-2022-0737 entry concerns the WordPress Text Hover plugin (versions before 4.2). The root cause is that the text to hover is not sanitized/escaped, enabling stored Cross-Site Scripting by users with elevated privileges, even when unfiltered_html is disallowed. Affected software: WordPress ...

WordPress plugin Text Hover 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Text Hover plugin, which stems from the fact that the plugin does not clean up and...

WordPress Weblizar Pin It Button On Image Hover And Post plugin <= 3.2 - Arbitrary Settings Update vulnerability

Arbitrary Settings Update vulnerability discovered by Jan w Oleju in WordPress Weblizar Pin It Button On Image Hover And Post plugin versions = 3.2. Solution Update the WordPress Weblizar Pin It Button On Image Hover And Post plugin to the latest available version at least 3.4...

Weblizar Pin It Button On Image Hover And Post < 3.4 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and proper CSRF check when saving its settings, allowing any authenticated users, such as subscribers to update them fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body": new...

Weblizar Pin It Button On Image Hover And Post < 3.4 - Subscriber+ Arbitrary Settings Update

The plugin does not have authorisation and proper CSRF check when saving its settings, allowing any authenticated users, such as subscribers to update them PoC fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "body": new...

Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC As admin, put the following in the plugin's settings: test = " Tick the "Enable text hover in...

WordPress Text Hover plugin <= 4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Rohan Chaudhari in WordPress Text Hover plugin versions = 4.1. Solution Update the WordPress Text Hover plugin to the latest available version at least 4.2...

Jeecg-Boot Cross-Site Scripting Vulnerability

Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-Boot 3.0 has a security vulnerability that stems from a cross-site script in /jeecg-boot/jmreport/view that causes a mouse hover event. No details of the vulnerability are currently available...

Jeecg-Boot 跨站脚本漏洞

Jeecg-Boot is a low-code platform based on the code generator from the JeecgBoot community. Jeecg-Boot 3.0 has a security vulnerability that stems from a cross-site script in /jeecg-boot/jmreport/view that causes a mouse hover event. No details of the vulnerability are currently available...

XpressEngine 跨站脚本漏洞

XpressEngine XE is a CMS Content Management System that allows anyone to publish content easily, conveniently and freely. With an open source license, anyone can use or modify it, and as an open project, anyone can participate in its development. XE suffers from a security vulnerability that stem...

CVE-2021-25031

The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2021-25031

The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

Cross site scripting

The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2021-25031 Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting

The Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2021-25031

The CVE concerns WordPress plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) versions before 9.7.1. The root cause is failure to escape the effects parameter when echoed into an attribute on an admin page, enabling a Reflected Cross-Site Scripting (XS...

WordPress plugin 跨站脚本漏洞

WordPress plugin is a WordPress open source application plugin . WordPress plugin Image Hover Effects Ultimate Image Gallery, Effects, Lightbox, Comparison or Magnifier plugin A cross-site scripting vulnerability exists in versions prior to 9.7.1, which stems from attributes that output back to t...