3479 matches found
Cross site scripting
A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function updateoptions of the file includes/WDSMultisiteAggregateOptions.php. The manipulation leads to cross site scripting. It is possible to launch the...
Cross site scripting
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The ANGradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3225 Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2635 Call Now Accessibility Button < 1.1 - Admin+ Stored XSS
The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2028 Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting
The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2026 Image Protector <= 1.1 - Admin+ Stored Cross-Site Scripting
The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2578 Buy Me a Coffee < 3.7 - Admin+ Stored XSS
The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2578 Buy Me a Coffee < 3.7 - Admin+ Stored XSS
The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2015-10120 WDS Multisite Aggregate Plugin WDS_Multisite_Aggregate_Options.php update_options cross site scripting
A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function updateoptions of the file includes/WDSMultisiteAggregateOptions.php. The manipulation leads to cross site scripting. It is possible to launch the...
CVE-2015-10120
CVE-2015-10120 affects the WordPress WDS Multisite Aggregate Plugin (versions up to 1.0.0). The vulnerability resides in the update_options function of includes/WDS_Multisite_Aggregate_Options.php, enabling cross-site scripting (XSS) and exploitable remotely. Upgrading to version 1.0.1 addresses ...
WordPress plugin WDS Multisite Aggregate 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-17426 · WordPress · Call Now Accessibility Button
Name of the Vulnerable Software and Affected Versions: Call Now Accessibility Button WordPress plugin versions prior to 1.1 Description: The issue allows high-privilege users to perform Stored Cross-Site Scripting XSS attacks due to improper sanitization of some settings. This can occur even when...
PT-2023-17427 · WordPress · Prepost Seo
Name of the Vulnerable Software and Affected Versions: PrePost SEO WordPress plugin versions through 3.0 Description: The issue arises from the plugin's failure to properly sanitize some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks, eve...
PT-2023-10298 · WordPress · Wds Multisite Aggregate Plugin
Name of the Vulnerable Software and Affected Versions: WDS Multisite Aggregate Plugin versions up to 1.0.0 Description: A problematic issue was found in the WDS Multisite Aggregate Plugin, affecting the update options function of the file includes/WDS Multisite Aggregate Options.php. This issue...