6152 matches found
WordPress Popular Posts Plugin Remote Code Execution
A remote code execution vulnerability exists in WordPress Popular Posts Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PT-2021-19931 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.7.7 Description: Discourse is an open source discussion platform. There are two bugs that led to the post creator of a whisper post being revealed to non-staff users. The first bug occurs when a staff user create...
CVE-2021-24482
The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Site Scripting issues...
CVE-2021-24482
CVE-2021-24482 affects the WordPress Related Posts for WordPress plugin up to version 2.0.4. An authenticated admin can abuse unsanitised heading_text and CSS settings to trigger Stored XSS, with PoCs showing input like heading_text and CSS payloads. Impact is Stored XSS under admin-authenticated...
WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated). Date: 15/07/2021. Exploit Author: Simone Cristofaro. Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...
WordPress Popular Posts 5.3.2 Shell Upload
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution (RCE) (Authenticated). Date: 15/07/2021. Exploit Author: Simone Cristofaro. Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...
Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS
The plugin has an authenticated reflected cross-site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos. .../wp-content/plugins/video-posts-webcam-recorder/posts/videowhisper/recordedvideos.php?delete=%3Cscript%3Ealert1%3C/script%3E...
Halo incorrect access control vulnerability
Halo is a light, clean, and powerful Java blogging system. Halo version 0.4.3 contains an incorrect access control vulnerability. An attacker could use this vulnerability to bypass encryption via a cookie and view encrypted posts...
Halo Authorization Issue Vulnerability
Halo is a light, clean, and powerful Java blogging system. Halo version 0.4.3 contains an incorrect access control vulnerability. An attacker could use this vulnerability to bypass encryption via a cookie and view encrypted posts...
WordPress Popular Posts plugin <= 5.3.3 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered by Vlad Visse (Patchstack) in WordPress Popular Posts plugin versions <= 5.3.3. Solution: Update the WordPress Popular Posts plugin to the latest available version (at least 5.3.4)...
WordPress Popular Posts < 5.3.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the widget-wpp2posttype parameter before outputting it in the page, which could lead to a Stored Cross-Site Scripting issue...
WordPress Popular Posts Plugin < 5.3.3 Multiple Vulnerabilities
The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
Overview: WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability (CWE-79). Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
WordPress Popular Posts Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...
CVE-2021-20746
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20746
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20746
CVE-2021-20746 describes a Cross-Site Scripting vulnerability in the WordPress Popular Posts plugin (versions 5.3.2 and earlier). The flaw allows an authenticated remote attacker to inject arbitrary scripts via unspecified vectors, with an impact limited to the attacker’s browser context. Exploit...
WordPress Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...
JVN#63066062: WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability (CWE-79). Impact: A user with the administrative privilege may unintentionally execute a script on his/her web browser. Solution: Update the plugin. Update the plugin according to the...