12 matches found
CVE-2020-25375
WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field...
WordPress Plugin Store Exporter for WooCommerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Unsafe plugins can be installed via pack import by tenant admins
Summary: Unsafe plugins, for instance sql-list, can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disabled. Details: I have an example https://bot20230704.saltcorn.com/view/allplugins It's publicly accessible but has not so secure values except lis...
GHSA-WXF3-4FVJ-VQQX Unsafe plugins can be installed via pack import by tenant admins
Summary: Unsafe plugins, for instance sql-list, can be installed in subdomain tenants via pack import even if unsafe plugin installation for tenants is disabled. Details: I have an example https://bot20230704.saltcorn.com/view/allplugins It's publicly accessible but has not so secure values except lis...
CVE-2020-25380
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed...
Cross site scripting
WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that will be stored and executed...
CVE-2020-25380
CVE-2020-25380 affects WordPress Plugin Store / Mike Rooijackers Recall Products V0.8. The vulnerability is a stored Cross Site Scripting (XSS) via the Recall Settings field in admin.php, allowing injected JavaScript to execute in the context of authenticated/admin users. Impact details are limit...
CVE-2020-25379
CVE-2020-25379 affects the WordPress Recall Products plugin (version
CVE-2020-25378
WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter...
CVE-2020-25378
Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...
CVE-2020-25375
WP SMART CRM (SoftradeWeb SNC) version 1.8.7 is affected by stored Cross Site Scripting via multiple customer fields (Business Name, Tax Code, First Name, Address, Town, Phone, Mobile, Place of Birth, Web Site, VAT Number, Last Name, Fax, Email, Skype). Root cause: inadequate input sanitization i...
PT-2020-16074 · Mike Rooijackers · Recall Products
Name of the Vulnerable Software and Affected Versions: WordPress Plugin Store / Mike Rooijackers Recall Products version 0.8. Description: The issue allows an authenticated attacker to inject a malicious SQL query due to the failure to sanitize input from the Manufacturer parameter. Recommendation...