5 matches found
WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting
The plugin does not escape one of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed. Put the following payload on the Preset settings of the plugin: '+accesskey="X"+onclick="alert1"'...
WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting
The plugin does not escape one of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed. PoC: Put the following payload on the Preset settings of the plugin: '+accesskey="X"+onclick="alert1"'...
CVE-2020-27543
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception...
WP Paginate < 2.1.4 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Paginate WordPress plugin, version 2.1.3 and possibly below, was vulnerable to Stored Cross-Site Scripting (XSS) in the plugin's preset settings parameter. The form did require a valid CSRF nonce, limiting the exploitability of the vulnerability. POST...
CVE-2020-15150
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...