5 matches found
CVE-2024-56015
CVE-2024-56015 concerns a CSRF vulnerability in the Tidy Up WordPress plugin by John Godley that enables reflected XSS. Public details in the connected Red Hat entry describe the issue as a CSRF vulnerability that allows reflected XSS, affecting versions from an unknown public release up to 1.3. T...
WordPress Redirection 2.2.8 Cross Site Scripting
Vulnerability ID: HTB23038 Reference: https://www.htbridge.ch/advisory/xssinredirectionwordpressplugin.html Product: Redirection wordpress plugin Vendor: John Godley http://urbangiraffe.com Vulnerable Version: 2.2.8 and probably prior Tested Version: 2.2.8 Vendor Notification: 10 August 2011...
CVE-2008-0837
Cross-site scripting (XSS) vulnerability in the log feature in the John Godley Search Unleashed 0.2.10 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, which is not properly handled when the administrator views the log file...
CVE-2008-0837
CVE-2008-0837 is a cross-site scripting (XSS) vulnerability in the log feature of the WordPress plugin “Search Unleashed” (v0.2.10) by John Godley. The issue arises from improper handling of the s parameter, enabling an attacker to inject arbitrary script/HTML when an administrator views the log ...
unleashed-xss.txt
Hello all, There is a bug in the "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validate stored data and puts them back "raw" to the browser. HTML and JavaScript can be injected with a search request:...