Lucene search
K

42 matches found

CNVD
CNVD
added 2021/11/21 12:0 a.m.21 views

WordPress Insert Pages plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...

5.4CVSS1AI score0.00604EPSS
Exploits2References1
NVD
NVD
added 2021/11/17 11:15 a.m.9 views

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...

4.3CVSS0.00913EPSS
Exploits2References2
OSV
OSV
added 2021/11/17 11:15 a.m.7 views

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

5.4CVSS5.8AI score0.00604EPSS
Exploits2References1
OSV
OSV
added 2021/11/17 11:15 a.m.9 views

CVE-2021-24851

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...

4.3CVSS5.9AI score0.00913EPSS
Exploits2References2
NVD
NVD
added 2021/11/17 11:15 a.m.28 views

CVE-2021-24850

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

5.4CVSS0.00604EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/11/17 10:15 a.m.15 views

CVE-2021-24851 Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...

5AI score0.00913EPSS
Exploits2References2
CVE
CVE
added 2021/11/17 10:15 a.m.55 views

CVE-2021-24851

The CVE-2021-24851 applies to the WordPress Insert Pages plugin prior to 3.7.0. Affected component: Insert Pages plugin (WordPress). Root cause: insufficient access control allowing users with a role as low as Contributor to access content and metadata from arbitrary posts/pages, regardless of au...

4.3CVSS4.6AI score0.00913EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2021/11/17 10:15 a.m.27 views

CVE-2021-24850 Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...

5.6AI score0.00604EPSS
Exploits2References1
CVE
CVE
added 2021/11/17 10:15 a.m.66 views

CVE-2021-24850

CVE-2021-24850 concerns the WordPress Insert Pages plugin (versions before 3.7.0). The vulnerability arises from a shortcode that can reveal other pages’ content and custom fields, enabling stored XSS when a user with as little as Contributor privileges embeds payloads in a post’s custom fields. ...

5.4CVSS5.3AI score0.00604EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/11/17 12:0 a.m.11 views

PT-2021-16333 · WordPress · Insert Pages

Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0 Description: The issue allows users with a role as low as Contributor to access content and metadata from arbitrary posts or pages, regardless of their author and status, including private...

4.3CVSS4.6AI score0.00913EPSS
Exploits2References4
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.6 views

WordPress 安全漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...

4.3CVSS5.9AI score0.00913EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.8 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...

5.4CVSS5.2AI score0.00604EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.539 views

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. - Create a page A - Add a custom field containing JS in...

5.4CVSS1.2AI score0.00604EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.19 views

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. PoC insert page='pageslug' display='all' Where...

4.3CVSS5.2AI score0.00913EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/10/18 12:0 a.m.13 views

WordPress Insert Pages plugin <= 3.6.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress Insert Pages plugin versions = 3.6.1. Solution Update the WordPress Insert Pages plugin to the latest available version at least 3.7.0...

5.4CVSS2.1AI score0.00604EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/10/18 12:0 a.m.19 views

Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting

The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. PoC - Create a page A - Add a custom field containing JS...

5.4CVSS0.9AI score0.00604EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/10/18 12:0 a.m.527 views

Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access

The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. insert page='pageslug' display='all' Where pagesl...

4.3CVSS2.8AI score0.00913EPSS
Exploits2References1
OSV
OSV
added 2019/08/22 7:15 p.m.6 views

CVE-2017-18586

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...

9.1CVSS5.8AI score0.02503EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 7:15 p.m.13 views

Directory traversal

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...

6.4CVSS9.2AI score0.02503EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 6:50 p.m.23 views

CVE-2017-18586

The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...

9.4AI score0.02503EPSS
Exploits0References1
Rows per page
Query Builder