5785 matches found
BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting
The plugin sanitises with sanitize_text_field() but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/chat-rooms/?subject=asd%22%20%22%20onmouseover=javascript:alert1;%20test=%22&new-message;=asd...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin YITH Maintenance Mode, which ste...
Check & Log Email < 1.0.3 - Admin+ SQL Injections
The plugin does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues. PoC: With the 'Enable Log' settings of the plugin activated: -...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
gedit Security Vulnerability
gedit is a text editor from the GNOME project for the GNOME desktop environment. A security vulnerability exists in the gedit 3 plugin that stems from the plugin containing a regular expression denial of service...
St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow attackers to make logged-in administrators set a malicious payload in it, leading to ...
CVE-2021-24525
The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by...
Cross site scripting
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which results in a Stored Cross-Site Scripting (XSS) issue. Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated...
CVE-2021-24609 WP Mapa Politico Espana < 3.7.0 - Authenticated Stored XSS
The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Put the following payload in the Plugin's Settings General "Error message...
One User Avatar < 2.3.7 - Avatar Update via CSRF
The plugin does not check for CSRF when updating the Avatar in pages where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack. PoC: Click POST /one-user-avatar-avatar-upload/ HTTP/1.1 Accept:...
Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting
The plugin does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged-in admin change the settings and perform Cross-Site Scripting attacks. PoC: Put the following payload in the QR setting: " The XSS will be triggered in the plugin's setting...
BulletProof Security < 5.2 - Sensitive Information Disclosure
The plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible /dbbackuplog.txt file which grants attackers the full path of the site, in addition to the path of database backup files. PoC...
Find My Blocks < 3.4.0 - Private Post Titles Disclosure
The plugin does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. PoC: Create a private post with at least one Gutenberg paragraph block and go to https://example.com/wp-json/find-my-blocks/blocks/?name=core/paragraph...
CVE-2021-24605
The createpostpage AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6, available to authenticated users, does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting it back in the admin dashboard when editing an Event, leading to a reflected Cross-Site Scripting issue...
CVE-2021-38333 WP Scrippets <= 1.5.1 Reflected Cross-Site Scripting
The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the /wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1...
WP-T-Wap <= 1.13.2 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the /wap/writer.php file which allows attackers to inject arbitrary web scripts...