Lucene search
K

4529 matches found

Prion
Prion
added 2021/09/20 10:15 a.m.14 views

Cross site scripting

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.7AI score0.00617EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/09/20 10:15 a.m.16 views

Cross site scripting

The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/20 10:6 a.m.18 views

CVE-2021-24596 youForms for WordPress <= 1.0.5 - Authenticated Stored Cross-Site Scripting

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users editors and admins to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.2AI score0.02754EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.21 views

YITH Maintenance Mode < 1.3.8 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise the yithmaintenancenewslettersubmitlabel settings, which could allow high privilege users to perform Cross-Site Scripting attacks...

6.9CVSS3.5AI score0.0061EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/09/13 6:15 p.m.4 views

CVE-2021-24619

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
OSV
OSV
added 2021/09/13 6:15 p.m.4 views

CVE-2021-24621

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfilteredhtml capability is disallowed, which could lead to Stored Cross-Site Scripting issues...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
OSV
OSV
added 2021/09/13 6:15 p.m.2 views

CVE-2021-24623

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability i...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
Prion
Prion
added 2021/09/13 6:15 p.m.13 views

Cross site scripting

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

3.5CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.23 views

CVE-2021-24724 Timetable and Event Schedule by MotoPress < 2.3.19 - Author+ Stored Cross-Site Scripting

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s...

5.5AI score0.00888EPSS
Exploits2References3
Cvelist
Cvelist
added 2021/09/13 5:56 p.m.46 views

CVE-2021-24619 Per Page Add to Head <= 1.4.4 - Authenticated Stored XSS

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfilteredhtml capability is disallowed, which could lead to Cross-Site Scripting issues...

5AI score0.00617EPSS
Exploits2References1
OSV
OSV
added 2021/09/06 11:15 a.m.5 views

CVE-2021-24591

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
NVD
NVD
added 2021/09/06 11:15 a.m.22 views

CVE-2021-24591

The Highlight WordPress plugin before 0.9.3 does not sanitise its CustomCSS setting, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.4CVSS0.00624EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.19 views

Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting

The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a new Calendar Appointment Hour Booking Add new Put the following payload in the Form...

4.8CVSS0.4AI score0.00598EPSS
Exploits2Affected Software1
Positive Technologies
Positive Technologies
added 2021/09/02 12:0 a.m.5 views

PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework

Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...

7.1CVSS6.5AI score0.01341EPSS
Exploits2References4
OSV
OSV
added 2021/08/30 3:15 p.m.3 views

CVE-2021-24592

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
Prion
Prion
added 2021/08/30 3:15 p.m.14 views

Cross site scripting

The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
Huntr
Huntr
added 2021/08/24 10:34 p.m.6 views

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

✍️ Description Attacker able to leave any user message with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your application. In CSRF...

1.6AI score
Exploits0
WPVulnDB
WPVulnDB
added 2021/08/24 12:0 a.m.16 views

TextME SMS < 1.8.9 - Authenticated Stored XSS

The plugin does not escape its settings when outputting them, allowing high privilege users to perform XSS attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Account Username or Password settings of the plugin: " style=animation-name:rotation...

2.5AI score
Exploits0References2Affected Software1
Huntr
Huntr
added 2021/08/23 7:25 p.m.13 views

Cross-Site Request Forgery (CSRF) in neorazorx/facturascripts

✍️ Description Attacker able to delete any number of Accounting Subaccounts with CSRF attack. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the IP address or hostname of your...

1.7AI score
Exploits0
OSV
OSV
added 2021/08/23 12:15 p.m.4 views

CVE-2021-24549

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server...

4.9CVSS5.9AI score0.0157EPSS
Exploits2References2
Rows per page
Query Builder