26 matches found
CVE-2017-14721
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name...
wordpress -- multiple issues
WordPress developers report: Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. Before version 4.8.2, WordPress allowed a Cross-Site Scripting attack in the template list view via a crafted template name. Before versi...
WordPress Plugin Editor Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin editor. A remote attacker can exploit this vulnerability ...
WordPress <=4.8.1 - Cross-Site Scripting (XSS) vulnerability (plugin editor)
Cross-Site Scripting (XSS) vulnerability found by Chen Ruiqi in the WordPress plugin editor, version 4.8.1 and earlier versions. Solution: Update WordPress to the latest available version, at least 4.8.2...
WordPress: Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general
Background: This report is mainly about how a user with the role of editor expectedly can post unfiltered content but unexpectedly can pwn an administrator with an RCE chain due to same-origin frame scripting. Secondarily, the report wants to highlight the technique used and the severity of it...