348 matches found
CVE-2021-38341 WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /includes/pluginsettings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10...
CVE-2021-38330 Yet Another bol.com Plugin <= 1.4 Reflected Cross-Site Scripting
The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0...
Edit Comments XT <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /edit-comments-xt.php file which allows attackers to inject arbitrary web scripts...
DJ EmailPublish <= 1.7.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /dj-email-publish.php file which allows attackers to inject arbitrary web scripts...
Simple Matted Thumbnails <= 1.01 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts...
Notices <= 6.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /notices.php file which allows attackers to inject arbitrary web scripts...
WP Scrippets <= 1.5.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /wp-scrippets.php file which allows attackers to inject arbitrary web scripts...
Wise Agent Capture Forms <= 1.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /WiseAgentCaptureForm.php file which allows attackers to inject arbitrary web scripts...
On Page SEO + Whatsapp Chat Button < 1.0.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /settings.php file which allows attackers to inject arbitrary web scripts...
simpleSAMLphp Authentication <= 0.7.0 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-39322
The Easy Social Icons plugin = 3.0.8 for WordPress echoes out the raw value of $_SERVER['PHP_SELF'] in its main file. On certain configurations, including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path...
underConstruction < 1.19 - Reflected Cross-Site Scripting
The plugin does not escape the PHP_SELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php/"/?page=under-construction...
Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting
The plugin does not escape the $_SERVER['PHP_SELF'] input before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php/alert/XSS/...
Cross-site Scripting (XSS) - Reflected in znixbtw/panel-v2
Description: Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will...
Jock on air now < 5.6.2 - Reflected Cross-Site Scripting
The plugin does not escape the $_SERVER['PHP_SELF'] before outputting it back in an attribute in its settings, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php/"/?page=joansettings...
CVE-2021-34667
The Calendarplugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the /calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...