18 matches found
CVE-2024-12680
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12679
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12679 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680
CVE-2024-12680 affects the WordPress plugin Prisna GWT (Prisna GWT WordPress plugin) prior to 1.4.14. The issue stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multis...
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Prisna GWT 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...
CVE-2024-8514
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisnaimport' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-8514
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisnaimport' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-8514 Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisnaimport' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-8514 Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection
The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisnaimport' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-8514
CVE-2024-8514 : The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to authenticated PHP Object Injection via deserialization of input in the prisna_import parameter for versions up to and including 1.4.11. An attacker with Administrator-level access could inject a PHP o...
WordPress plugin Prisna GWT 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress Prisna GWT – Google Website Translator Plugin <= 1.4.11 is vulnerable to PHP Object Injection
Software Prisna GWT – Google Website Translator Type Plugin Vulnerable versions = 1.4.11 Fixed in 1.4.12 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8514 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 96a1cccedfb0 Credits Lesor101 Required...
PT-2024-39066 · WordPress · Prisna Gwt – Google Website Translator
Name of the Vulnerable Software and Affected Versions: Prisna GWT – Google Website Translator plugin for WordPress versions up to, and including, 1.4.11 Description: The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection via deserialization of...