7 matches found
HL Twitter <= 2014.1.18 - Admin+ Stored XSS via Widget
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. In the widget area, add the widget...
HL Twitter <= 2014.1.18 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have a logged in admin open an HTML page containing:...
Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below...
Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Click...
Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open an HTML file containing the following: alert999'...
SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist&uid=3CHANGE HERE&pid=0CHANGE HERE&search=&=1708406394720 You can view...
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to...