20 matches found
EUVD-2022-34597
Malicious code in bioql PyPI...
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2328
Summary of CVE-2022-2328: The Flexi Quote Rotator WordPress plugin (versions ≤ 0.9.4) does not sanitise or escape its settings, enabling stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Multiple sources confirm the vulnerability as an a...
CVE-2022-2328 Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
PT-2022-15919 · WordPress · Flexi Quote Rotator
Name of the Vulnerable Software and Affected Versions: Flexi Quote Rotator WordPress plugin versions 0.9.4 and earlier Description: The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
WordPress plugin Flexi Quote Rotator cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Flexi Quote Rotator plugin <= 0.9.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Daniel Ruf in WordPress Flexi Quote Rotator plugin versions <= 0.9.4. Solution: Deactivate and delete. This plugin has been closed as of July 6, 2022 and is not available for download. This closure is temporary, pending a ful...
Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Add the following payload to a new quote:...
Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Add the following payload to a new quote:...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-101989)
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. The Inspirational Quote Rotator plugin is an open source WordPress application plugin. WordPress Inspirational Quote...
CVE-2021-24771
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site Scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallo...
CVE-2021-24771
The CVE-2021-24771 entry corresponds to the WordPress Inspirational Quote Rotator plugin (versions up to 1.0.0) with a stored XSS vulnerability. Multiple connected sources confirm that admin users can inject malicious content into quote fields, which is then output in the Quotes list due to insuf...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. The Inspirational Quote Rotator plugin is an open source WordPress application plugin. WordPress Inspirational Quote...
Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site Scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallowed. Add/edit a quote...
WordPress Inspirational Quote Rotator plugin <= 1.0.0 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting (XSS) vulnerability discovered by Vishal Mohan in WordPress Inspirational Quote Rotator plugin versions <= 1.0.0. Solution: Deactivate and delete. This plugin has been closed as of September 23, 2021 and is not available for download. This closure is temporary, pending a...
WordPress Flexi Quote Rotator Plugin - Multiple Vulnerabilities
This plugin is prone to cross-site request forgery and SQL injection vulnerabilities. Solution: Upgrade the plugin...
Flexi Quote Rotator - Cross-Site Request Forgery & SQL Injection Vulnerabilities
The Flexi Quote Rotator WordPress plugin was affected by Cross-Site Request Forgery and SQL Injection vulnerabilities...