9 matches found
CVE-2023-2029
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress PrePost SEO 3.0 Cross Site Scripting
Tittle: WordPress Plugin PrePost SEO " 2. Save and see XSS exploit. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b...
Cross site scripting
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2029
CVE-2023-2029 concerns the PrePost SEO WordPress plugin (versions <= 3.0). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by improper sanitization of certain settings, enabling high-privilege users to inject script even when unfiltered_html is disallowed (e.g., multisite)...
CVE-2023-2029 PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin PrePost SEO ่ทจ็ซ่ๆฌๆผๆด
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17427 ยท WordPress ยท Prepost Seo
Name of the Vulnerable Software and Affected Versions: PrePost SEO WordPress plugin versions through 3.0 Description: The issue arises from the plugin's failure to properly sanitize some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks, eve...
PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add XSS payload to plugin's "Account API key" setting: ...
PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting XSS attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add XSS payload to plugin's "Account API key" setting: "" 2...