3470 matches found
CVE-2021-25039
The CVE-2021-25039 entry concerns the WordPress Multisite Content Copier/Updater plugin (before 2.1.0). The vulnerability arises from insufficient sanitization/escaping of the parameters wmcc_content_type, wmcc_source_blog, and wmcc_record_per_page, which are echoed back in attributes, enabling r...
CVE-2021-25038 Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting
The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2021-25038
CVE-2021-25038 affects the WordPress Multisite User Sync/Unsync plugin prior to 2.1.2. The vulnerability arises from failure to sanitize and escape the wmus_source_blog and wmus_record_per_page parameters before echoing them in HTML attributes, enabling a reflected cross-site scripting (XSS) cond...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPres...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Multisite Content Copier/Updater plugin versi...
WordPress Multisite Robots.txt Manager plugin <= 3.0.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Multisite Robots.txt Manager plugin versions <= 3.0.0. Solution: No patched version available...
WordPress Multisite Robots.txt Manager plugin <= 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Multisite Robots.txt Manager plugin versions <= 3.0.0. Solution: No patched version available...
Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues. PoC...
Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS
The plugin does not make any security checks regarding the PHP and JS code in blocks, allowing high privilege users such as admin to execute commands on the underlying OS as well as perform Stored Cross-Site Scripting attacks even in multisite blogs and hardened ones. PoC 1. Go to Settings - Ad...
CVE-2022-0232
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...
CVE-2022-0210
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...
PT-2022-13038 · WordPress · Random Banner
Name of the Vulnerable Software and Affected Versions: Random Banner WordPress plugin versions up to and including 4.1.4. Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file. This allow...
Discourse 2.8.x < 2.8.0.beta10 DoS Vulnerability
Discourse is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"...
Discourse < 2.7.12 DoS Vulnerability
Discourse is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:discourse:discourse"...
WordPress 5.8.x < 5.8.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: a stored Cross-Site Scripting (XSS) vulnerability through post slugs; an object injection vulnerability in some multisite installations; a SQL injection vulnerability in...
WordPress 4.5.x < 4.5.25 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: a stored Cross-Site Scripting (XSS) vulnerability through post slugs; an object injection vulnerability in some multisite installations; a SQL injection vulnerability in...
WordPress 5.2.x < 5.2.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: a stored Cross-Site Scripting (XSS) vulnerability through post slugs; an object injection vulnerability in some multisite installations; a SQL injection vulnerability in...
WordPress 4.6.x < 4.6.22 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: a stored Cross-Site Scripting (XSS) vulnerability through post slugs; an object injection vulnerability in some multisite installations; a SQL injection vulnerability in...