2 matches found
Cross site scripting
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
SEO 301 Meta <= 1.9.1 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Request or Destination settings of the plugin: "...