14 matches found
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
EUVD-2022-15411
Malicious code in bioql PyPI...
WordPress Mitsol Social Post Feed plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
Cross site scripting
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0209 Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0209 Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0209
CVE-2022-0209 affects the Mitsol Social Post Feed WordPress plugin, specifically versions prior to 1.11. The issue is due to insufficient escaping of certain settings when they are output in HTML attributes, enabling cross-site scripting by high-privilege users (e.g., admins) even if unfiltered_h...
PT-2022-13037 · WordPress · Mitsol Social Post Feed
Name of the Vulnerable Software and Affected Versions: Mitsol Social Post Feed WordPress plugin versions prior to 1.11. Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because some settings are not properly escaped befor...
WordPress Mitsol Social Post Feed plugin <= 1.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress Mitsol Social Post Feed plugin versions <= 1.10. Solution: Deactivate and delete. This plugin has been closed as of and is not available for download. Reason: Security Issue...
Mitsol Social Post Feed <= 1.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the Access Token User access...
WordPress Mitsol Social Post Feed plugin <= 1.10 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Big Tiger in WordPress Mitsol Social Post Feed plugin versions <= 1.10. Solution: Deactivate and delete. This plugin has been closed as of March 14, 2022 and is not available for download. This closure is temporary, pending a full review...
Mitsol Social Post Feed <= 1.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Access Token User acce...