6152 matches found

OSV
added 2021/04/05 7:15 p.m. · 0 views

CVE-2021-24207

By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts and pages - user roles must be specifically blocked from editing posts and pages...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 2

OSV
added 2021/04/05 7:15 p.m. · 2 views

CVE-2021-24211

The WordPress Related Posts plugin through 3.6.4 contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser...

5.4 CVSS · 6.2 AI score · 0.00332 EPSS
Exploits: 2 · References: 1

NVD
added 2021/04/05 7:15 p.m. · 13 views

CVE-2021-24211

The WordPress Related Posts plugin through 3.6.4 contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser...

5.4 CVSS · 0.00332 EPSS
Exploits: 2 · References: 1

NVD
added 2021/04/05 7:15 p.m. · 12 views

CVE-2021-24180

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious UR...

5.4 CVSS · 0.00162 EPSS
Exploits: 2 · References: 1

OSV
added 2021/04/05 7:15 p.m. · 1 view

CVE-2021-24180

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious UR...

5.4 CVSS · 6.1 AI score
Exploits: 0 · References: 1

Prion
added 2021/04/05 7:15 p.m. · 16 views

Cross site scripting

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious UR...

3.5 CVSS · 5.4 AI score · 0.00162 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2021/04/05 7:15 p.m. · 18 views

Cross site scripting

The WordPress Related Posts plugin through 3.6.4 contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser...

3.5 CVSS · 5.2 AI score · 0.00332 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2021/04/05 6:27 p.m. · 50 views

CVE-2021-24211

The CVE-2021-24211 entry describes an authenticated (admin+) stored XSS vulnerability in the WordPress Related Posts plugin up to version 3.6.4, triggered via the title field on the settings page. Exploitation allows execution of JavaScript in a user’s browser. Affected software: WordPress Relate...

5.4 CVSS · 5.2 AI score · 0.00332 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2021/04/05 6:27 p.m. · 16 views

CVE-2021-24180 Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious UR...

5.5 AI score · 0.00162 EPSS
Exploits: 2 · References: 1

Positive Technologies
added 2021/04/05 12:0 a.m. · 5 views

PT-2021-15756 · WordPress · Wordpress Related Posts

Name of the Vulnerable Software and Affected Versions: WordPress Related Posts plugin versions 3.6.4 and earlier. Description: The issue concerns an authenticated stored XSS vulnerability in the title field on the settings page. This allows an attacker to execute JavaScript code in the user's...

5.4 CVSS · 6.1 AI score · 0.00332 EPSS
Exploits: 2 · References: 5

CNNVD
added 2021/04/05 12:0 a.m. · 6 views

WordPress Related Posts cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Related Posts is a plugin for adding related content to WordPress. A cross-site scripting vulnerability exists in the Related...

5.4 CVSS · 5.4 AI score · 0.00162 EPSS
Exploits: 2 · References: 2

CNNVD
added 2021/04/05 12:0 a.m. · 4 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Related Posts is a plugin for adding related content to WordPress. A security vulnerability exists in the WordPress Related...

5.4 CVSS · 6 AI score · 0.00332 EPSS
Exploits: 2 · References: 2

Positive Technologies
added 2021/03/30 12:0 a.m. · 7 views

PT-2021-4051 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.7.1. Description: The issue is related to the exposure of information in WordPress, a content management system. It involves the exploitation of a block in the WordPress editor, which can expose password-protected...

7.1 CVSS · 5.3 AI score · 0.90782 EPSS
Exploits: 21 · References: 36

Patchstack
added 2021/03/19 12:0 a.m. · 9 views

WordPress Related Posts plugin <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ganesh Bagaria in WordPress Related Posts plugin versions <= 3.6.4. Solution: Plugin closed. No patched version is available. Deactivate and delete...

2.6 AI score
Exploits: 0 · References: 2 · Affected Software: 1

wpexploit
added 2021/03/19 12:0 a.m. · 709 views

WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. Put the following payload in the "Related Posts Title" settings of the plugin...

3.5 CVSS · 0.3 AI score · 0.00332 EPSS
Exploits: 2

WPVulnDB
added 2021/03/19 12:0 a.m. · 28 views

WordPress Related Posts <= 3.6.4 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin contains an authenticated admin+ stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to execute JavaScript code in the user's browser. PoC: Put the following payload in the "Related Posts Title" settings of the plugin...

3.5 CVSS · 1.6 AI score · 0.00332 EPSS
Exploits: 2 · Affected Software: 1

OSV
added 2021/03/18 3:15 p.m. · 2 views

CVE-2021-24137

Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...

8.8 CVSS · 7.5 AI score · 0.00912 EPSS
Exploits: 2 · References: 1

Prion
added 2021/03/18 3:15 p.m. · 17 views

SQL injection

Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, leads to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands...

6.5 CVSS · 8.8 AI score · 0.00912 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2021/03/18 3:15 p.m. · 17 views

Cross site scripting

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...

3.5 CVSS · 5.3 AI score · 0.00162 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2021/03/18 2:57 p.m. · 48 views

CVE-2021-24137

CVE-2021-24137 affects the WordPress Blog2Social plugin prior to 6.3.1. Unvalidated input in the Re-Share Posts feature allows authenticated users to perform SQL injection, enabling arbitrary SQL execution against the database. The vulnerability is exploitable via the plugin’s Re-Share Posts flow...

8.8 CVSS · 8.9 AI score · 0.00912 EPSS
Exploits: 2 · References: 1 · Affected Software: 1