CVE-2021-25038

The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...

Cross site scripting

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

Cross site scripting

The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-25039 Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting

The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-25039

The CVE-2021-25039 entry concerns the WordPress Multisite Content Copier/Updater plugin (before 2.1.0). The vulnerability arises from insufficient sanitization/escaping of the parameters wmcc_content_type, wmcc_source_blog, and wmcc_record_per_page, which are echoed back in attributes, enabling r...

CVE-2021-25038 Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...

CVE-2021-25038

CVE-2021-25038 affects the WordPress Multisite User Sync/Unsync plugin prior to 2.1.2. The vulnerability arises from failure to sanitize and escape the wmus_source_blog and wmus_record_per_page parameters before echoing them in HTML attributes, enabling a reflected cross-site scripting (XSS) cond...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. A cross-site scripting vulnerability exists in versions of the WordPres...

WordPress plugin跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Multisite Content Copier/Updater plugin versi...

WordPress Multisite Robots.txt Manager plugin <= 3.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Multisite Robots.txt Manager plugin versions = 3.0.0. Solution No patched version available...

WordPress Multisite Robots.txt Manager plugin <= 3.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Multisite Robots.txt Manager plugin versions = 3.0.0. Solution No patched version available...

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-sourceblog/' / alert/XSS-record/' /...

Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmcccontenttype, wmccsourceblog and wmccrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues alert/XSS-contenttype/' / alert/XSS-source/' / alert/XSS-record/' /...

Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the wmussourceblog and wmusrecordperpage parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues PoC...

Ad Inserter < 2.7.11 - Admin+ RCE / Stored XSS

The plugin does not make any security checks regarding the PHP and JS code in blocks, allowing high privilege users such as admin to execute commands on the underlying OS as well as perform Stored Cross-Site Scripting attacks even in multisite blogs and hardened ones. PoC 1. Go to Settings - Ad...

CVE-2022-0232

The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...

CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...

PT-2022-13038 · WordPress · Random Banner

Name of the Vulnerable Software and Affected Versions: Random Banner WordPress plugin versions up to and including 4.1.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file. This allow...