18 matches found
WordPress Kunze Law plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
CVE-2025-15486
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...
CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...
CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...
CVE-2025-15486
CVE-2025-15486 concerns the WordPress Kunze Law plugin (versions
WordPress plugin Kunze Law 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Kunze Law plugin, which originates from obtaining HTML content from a remote server and injecting it into a page...
PT-2026-2826
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. This makes it possible fo...
WordPress Kunze Law plugin <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by ZAST.AI - ZAST.AI in WordPress Plugin Kunze Law versions = 2.1...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0674 Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting
The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0674
CVE-2022-0674 affects the Kunze Law WordPress plugin prior to version 2.1, where the plugin does not escape the E-Mail Error "From" Address setting. This enables stored XSS by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Evidence from multiple sources (PatchStack listin...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Kun...
Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Put the following payload in the 'E-Mail Error "From" Address' settings of the plugin:...
WordPress Kunze Law plugin <= 1.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by fuzzyap1 in WordPress Kunze Law plugin versions = 1.9. Solution Update the WordPress Kunze Law plugin to the latest available version at least 2.1...
Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its 'E-Mail Error "From" Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the 'E-Mail Error "From" Address' settings of the plugi...