17 matches found
WordPress Plezi plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Plezi versions = 1.0.6...
CVE-2022-0680
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
EUVD-2024-34265
Malicious code in bioql PyPI...
CVE-2024-11763
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2024-11763
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2024-11763 Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2024-11763
CVE-2024-11763 affects the Plezi WordPress plugin. It is a stored XSS via the plugin’s plezi shortcode in all versions up to 1.0.6, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least Contributor+ privileges and can cause arbit...
WordPress plugin Plezi 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress Plezi plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress...
CVE-2022-0680
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
Cross site scripting
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
CVE-2022-0680 Plezi < 1.0.3 - Unauthenticated Stored XSS
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
CVE-2022-0680
CVE-2022-0680 affects the Plezi WordPress plugin (before 1.0.3). A REST endpoint allows unauthenticated users to update plz_configuration_tracker_enable, and the value is displayed in the admin panel without sanitisation/escaping, causing a Stored XSS. Connected advisories from RH, CNVD, CNNVD, C...
WordPress plugin Plezi 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress...
WordPress Plezi plugin <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Brandon James Roldan in WordPress Plezi plugin versions = 1.0.2. Solution Update the WordPress Plezi plugin to the latest available version at least 1.0.3...
Plezi < 1.0.3 - Unauthenticated Stored XSS
The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue PoC curl -X POST...
Plezi < 1.0.3 - Unauthenticated Stored XSS
The plugin has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue curl -X POST...