12 matches found
EUVD-2023-33556
Malicious code in bioql PyPI...
CVE-2023-2029
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress PrePost SEO 3.0 Cross Site Scripting
Title: WordPress Plugin PrePost SEO " 2. Save and see XSS exploit. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/4889ad5a-c8c4-4958-b176-64560490497b...
CVE-2023-2029
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
Cross site scripting
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2029
CVE-2023-2029 concerns the PrePost SEO WordPress plugin (versions <= 3.0). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by improper sanitization of certain settings, enabling high-privilege users to inject script even when unfiltered_html is disallowed (e.g., multisite)...
CVE-2023-2029 PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress plugin PrePost SEO cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-17427 · WordPress · Prepost Seo
Name of the Vulnerable Software and Affected Versions: PrePost SEO WordPress plugin versions through 3.0. Description: The issue arises from the plugin's failure to properly sanitize some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks, eve...
WordPress PrePost SEO Plugin <= 3.0 is vulnerable to Cross Site Scripting (XSS)
Software PrePost SEO Type Plugin Vulnerable versions = 3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2029 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b6a7fe38984b Credits Taurus Omar Required privilege...
PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Add XSS payload to plugin's "Account API key" setting: "" 2...
PrePost SEO <= 3.0 - Admin+ Stored Cross-Site Scripting
The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC 1. Add XSS payload to plugin's "Account API key" setting: ...