42 matches found
WordPress Insert Pages plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...
CVE-2021-24851
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...
CVE-2021-24850
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...
CVE-2021-24851
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...
CVE-2021-24850
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...
CVE-2021-24851 Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue...
CVE-2021-24851
The CVE-2021-24851 applies to the WordPress Insert Pages plugin prior to 3.7.0. Affected component: Insert Pages plugin (WordPress). Root cause: insufficient access control allowing users with a role as low as Contributor to access content and metadata from arbitrary posts/pages, regardless of au...
CVE-2021-24850 Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The Insert Pages WordPress plugin before 3.7.0 adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields...
CVE-2021-24850
CVE-2021-24850 concerns the WordPress Insert Pages plugin (versions before 3.7.0). The vulnerability arises from a shortcode that can reveal other pages’ content and custom fields, enabling stored XSS when a user with as little as Contributor privileges embeds payloads in a post’s custom fields. ...
PT-2021-16333 · WordPress · Insert Pages
Name of the Vulnerable Software and Affected Versions: Insert Pages WordPress plugin versions prior to 3.7.0 Description: The issue allows users with a role as low as Contributor to access content and metadata from arbitrary posts or pages, regardless of their author and status, including private...
WordPress 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Insert Pages plugin has a cross-site scripting vulnerability in versions prior to 3.7.0, whi...
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. - Create a page A - Add a custom field containing JS in...
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. PoC insert page='pageslug' display='all' Where...
WordPress Insert Pages plugin <= 3.6.1 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Francesco Carlucci in WordPress Insert Pages plugin versions = 3.6.1. Solution Update the WordPress Insert Pages plugin to the latest available version at least 3.7.0...
Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting
The plugin adds a shortcode that prints out other pages' content and custom fields. It can be used by users with a role as low as Contributor to perform Cross-Site Scripting attacks by storing the payload/s in another post's custom fields. PoC - Create a page A - Add a custom field containing JS...
Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access
The plugin allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status ie private, using a shortcode. Password protected posts/pages are not affected by such issue. insert page='pageslug' display='all' Where pagesl...
CVE-2017-18586
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...
Directory traversal
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...
CVE-2017-18586
The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths...