13 matches found
CVE-2023-5741
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Powr Pack <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Contact Form – Custom Builder, Payment Form, and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...
CVE-2023-45609 WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in POWR.Io Contact Form – Custom Builder, Payment Form, and More allows Stored XSS.This issue affects Contact Form – Custom Builder, Payment Form, and More: from n/a through 2.1.0...
WordPress Powr Pack Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Powr Pack Type Plugin Vulnerable versions = 2.1.0 Fixed in 2.2.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45609 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b52dad403861 Credits resecured.io Required privilege Contributor...
CVE-2023-5741
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5741
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross site scripting
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5741
CVE-2023-5741 corresponds to the Powr Pack plugin for WordPress (Powr Pack) vulnerability via the plugin shortcode powr-pack. The issue is a Stored XSS caused by insufficient input sanitization and output escaping on user-supplied shortcode attributes, exposing authenticated attackers with contri...
CVE-2023-5741
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5741 POWR <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2023-32295 · WordPress · Powr Plugin
Name of the Vulnerable Software and Affected Versions: POWR plugin for WordPress versions up to, and including, 2.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin POWR security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...