Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS. This issue affects Related Post: from n/a through 2.0.53...
CVE-2023-51666 WordPress Related Post Plugin <= 2.0.53 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PickPlugins Related Post allows Stored XSS. This issue affects Related Post: from n/a through 2.0.53...
CVE-2023-51666
The CVE-2023-51666 entry concerns the WordPress plugin Related Post. Affected versions are n/a through 2.0.53, with the underlying issue described as improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The vulnerability arises...
PT-2024-14226 · Pickplugins · Pickplugins Related Post
Name of the Vulnerable Software and Affected Versions: PickPlugins Related Post versions n/a through 2.0.53 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker ca...
CVE-2023-40211
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...
CVE-2023-40211
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...
CVE-2023-40211
CVE-2023-40211 affects PickPlugins Post Grid Combo – 36+ Gutenberg Blocks (WordPress Post Grid) with versions up to 2.2.50. The vulnerability is an information exposure allowing unauthenticated access, as detailed in PatchStack and Nuclei templates (POST/REST paths likely expose sensitive data to...
CVE-2023-40211 WordPress Post Grid Plugin <= 2.2.50 is vulnerable to Sensitive Data Exposure
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...
PT-2023-27329
Name of the Vulnerable Software and Affected Versions: PickPlugins Post Grid Combo – 36+ Gutenberg Blocks versions through 2.2.50 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to...
VulnCheck KEV: CVE-2023-40211
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo – 36+ Gutenberg Blocks. This issue affects Post Grid Combo – 36+ Gutenberg Blocks: from n/a through 2.2.50...
CVE-2023-0166
The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
Cross site scripting
The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0166 PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
CVE-2023-0166
The CVE refers to the WordPress plugin Product Slider for WooCommerce by PickPlugins, affected in versions prior to 1.13.42. The vulnerability arises because certain shortcode attributes are not validated or escaped before being output in a page or post, enabling Stored Cross-Site Scripting when ...
CVE-2023-0166 PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored...
WordPress plugin Product Slider for WooCommerce by PickPlugins cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. wcps id='" onmouseover="alert/XSS/"'...
WordPress PickPlugins Product Slider for WooCommerce Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WooCommerce WordPress plugin for PickPlugins Product slider...
CVE-2021-24300
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitise the keyword GET parameter, leading to a reflected Cross-Site Scripting issue...
Cross site scripting
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitise the keyword GET parameter, leading to a reflected Cross-Site Scripting issue...