44 matches found
PT-2023-14556 · WordPress · Mesmerize Companion
Name of the Vulnerable Software and Affected Versions: Mesmerize Companion WordPress plugin versions prior to 1.6.135 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as...
Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Required...
Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Required them...
WordPress Mesmerize theme <=1.6.89 - Authenticated Options Update vulnerability
Authenticated Options Update vulnerability found by NinTechNet in WordPress Mesmerize theme versions =1.6.89. Solution Update the WordPress Mesmerize theme to the latest available version at least 1.6.90...