15 matches found
EUVD-2021-11572
Malware in sbrugna...
CVE-2024-31246
Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PostX: from n/a through = 3.2.3...
CVE-2024-32564
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 4.0.1...
PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open the URL below the post value is the ID of a post/page creat...
PostX - Gutenberg Post Grid Blocks < 3.0.6 - Reflected Cross-Site Scripting
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below the post value is the ID of a post/page...
CVE-2021-24659
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block...
Cross site scripting
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode...
CVE-2021-24660 PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode...
CVE-2021-24659 PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block...
CVE-2021-24652 PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values...
PostX Gutenberg Blocks Saved Templates Addon < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The plugin, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. PoC Create a page as any user with the following shortcode block: gutenbergpostblocks id='a"...
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. PoC PoC can be entered with code editor the example below uses Taxonomy block; all blocks are vulnerable:...
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Contributor+ Stored Cross-Site Scripting
The plugin allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. PoC can be entered with code editor the example below uses Taxonomy block; all blocks are vulnerable:...
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. PoC You can run this from a browser's javascript console:...
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
The plugin performs incorrect checks before allowing any logged in user to perform some ajax based requests, allowing any user to modify, delete or add ultpoptions values. You can run this from a browser's javascript console:...