6 matches found
CVE-2026-15284
The King Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formpageid' parameter in versions up to, and including, 51.1.62 This is due to insufficient input sanitization in the addtosubmissions function, which applies sanitizetextfield which preserves...
Cross site scripting
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitizetextfield but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WPSchoolPress plugin prior to version 2.1.17, whi...
WordPress Tutor 1.5.3 Cross Site Scripting
Tile: Wordpress Plugin tutor.1.5.3 - Cross-Site Scripting - Author: mehran feizi - Category: webapps - Date: 2020.02.12 =================================================================== Vulnerable page: /Quiz.php =================================================================== Vulnerable...
WordPress Tutor 1.5.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications - Tile: Wordpress Plugin tutor.1.5.3 - Cross-Site Scripting - Author: mehran feizi - Category: webapps =================================================================== Vulnerable page: /Quiz.php...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
0x01 漏洞概述 Wordpress的插件WordPress File Upload v4.3.3及其以前版本在管理后台存在一处存储型xss漏洞。攻击者可以通过该漏洞执行js脚本,获取管理员cookie。 漏洞名称:WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting PoC 漏洞来源:https://www.exploit-db.com/exploits/44444/ CVE:CVE-2018-9844 影响组件:WordPress Plugin File Upload...