51 matches found
PT-2024-29106 · WordPress · Tabellen Von Faustball.Com
Name of the Vulnerable Software and Affected Versions: The Tabellen von faustball.com plugin for WordPress versions up to, and including, 2.0.4 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allo...
PT-2024-15931 · WordPress · The Advanced Social Feeds Widget & Shortcode
Name of the Vulnerable Software and Affected Versions: The Advanced Social Feeds Widget & Shortcode WordPress plugin versions 1.7 and earlier Description: The issue concerns the lack of sanitization and escaping of some settings in the plugin, which could allow high-privilege users, such as admin...
CVE-2023-5715
The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2023-5243
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2709
The ANGradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-20616 · WordPress · Get Your Number Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Get your number WordPress plugin versions 1.1.3 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
PT-2023-14051 · WordPress · Social Sharing
Name of the Vulnerable Software and Affected Versions: WP Social Sharing WordPress plugin versions through 2.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised and...
CVE-2021-39355
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...
CVE-2021-39336
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...
CVE-2021-39335
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...
PT-2021-22538
Name of the Vulnerable Software and Affected Versions: Business Manager WordPress plugin versions up to and including 1.4.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input validation and sanitization throughout the plugin. This allows attackers with...