GHSA-5F64-7VFC-RCX6 Apostrophe has stored XSS via javascript: URL in Image Widget Link

Summary A stored cross-site scripting vulnerability was identified in the image widget functionality. A user with the Editor role can configure an image widget link to use a javascript: URL payload. Because editors have permission to publish pages, the malicious widget can be published to the liv...

GHSA-5HR6-R8H6-WH22 JetPack Exposure of Resource to Wrong Sphere

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

Design/Logic Flaw

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak

The Jetpack Carousel module allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published page/posts to be leaked. Please refer to th...

WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities

WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author:...