21 matches found
WordPress Pet Manager plugin <= 1.4 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pet Manager versions <= 1.4...
WordPress plugin Pet-Manager cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
EUVD-2024-32486
Malicious code in bioql PyPI...
WordPress Pet Manager plugin <= 1.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pet Manager versions <= 1.4...
CVE-2024-3918
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-3918
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-3917
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-3918 Pet Manager <= 1.4 - Contributor+ Stored XSS
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-3918 Pet Manager <= 1.4 - Contributor+ Stored XSS
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-3918
CVE-2024-3918 corresponds to a Stored XSS vulnerability in the WordPress Pet Manager plugin (versions up to 1.4). The issue arises because some Pet settings are not properly sanitised/escaped, enabling high-privilege users (e.g., Contributors) to store scripts that could affect other site users. ...
CVE-2024-3917 Pet Manager <= 1.4 - Reflected XSS
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-3917 Pet Manager <= 1.4 - Reflected XSS
The Pet Manager WordPress plugin through 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Pet Manager Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Pet Manager; Type: Plugin; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3917; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: d50e54d0e73b; Credits: Bob Matyas; Required...
PT-2024-28375 · WordPress · The Pet Manager
Name of the Vulnerable Software and Affected Versions: The Pet Manager WordPress plugin versions 1.4 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the...
WordPress plugin Pet Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress plugin Pet Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-28380 · WordPress · Pet Manager
Name of the Vulnerable Software and Affected Versions: Pet Manager WordPress plugin versions 1.4 and earlier Description: The issue concerns the Pet Manager WordPress plugin, which does not properly sanitise and escape some of its Pet settings. This could allow high-privilege users, such as...
Pet Manager <= 1.4 - Reflected XSS
Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 1. Add a pet and publish the listing 2. View the pet on the frontend of the site and ge...
Pet Manager <= 1.4 - Contributor+ Stored XSS
Description: The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. 1. Go to "Pets Add Pet" 2. In the "Address" field add the payload " style=animation-name:rotation...
Pet Manager <= 1.4 - Contributor+ Stored XSS
Description: The plugin does not sanitise and escape some of its Pet settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks. PoC: 1. Go to "Pets Add Pet" 2. In the "Address" field add the payload " style=animation-name:rotation...