2 matches found
GZ Hotel Booking Script 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Add/Edit a Custom Field /wp-admin/admin.php?page=eme-formfields and put the following payload in the Field Name:...