6 matches found
EUVD-2021-11723
Malware in sbrugna...
CVE-2021-24811
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24811
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24811 Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24811
The CVE-2021-24811 issue affects the WordPress Shop Page WP plugin prior to version 1.2.8. The root cause is improper sanitisation/escaping of some Product fields, allowing stored XSS by high-privilege users even when unfiltered_html is disallowed. Exploitation details in connected records indica...
Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Add/edit a product and put the following payload in the Product Affiliate URL, Custom Button Text...