8962 matches found
WordPress plugin WP Font Awesome 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Loan Comparison 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin GS Products Slider for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Easy Affiliate Links 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Shortcode for Font Awesome 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin GS Filterable Portfolio 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
GetResponse for WordPress <= 5.5.31 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC grwebform center='on'...
real.Kit < 5.1.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC modal open='1' class='"...
WordPress Plugin Video.js 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-15380 · WordPress · Wp Responsive Testimonials Slider/Widget
Name of the Vulnerable Software and Affected Versions: WP Responsive Testimonials Slider And Widget WordPress plugin versions 1.5 and earlier Description: The issue concerns the WP Responsive Testimonials Slider And Widget WordPress plugin, which does not properly validate and escape some of its...
PT-2023-15490 · WordPress · Hueman Addons
Name of the Vulnerable Software and Affected Versions: Hueman Addons WordPress plugin versions prior to 2.3.4 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the Hueman Addons WordPress plugin. This could allow users with the contributor role a...
PT-2023-15984 · WordPress · Timed Content
Name of the Vulnerable Software and Affected Versions: Timed Content WordPress plugin versions prior to 2.73 Description: The issue concerns the Timed Content WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post...
PT-2023-16216 · WordPress · Loan Comparison Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Loan Comparison WordPress plugin versions prior to 1.5.3 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
PT-2023-16222 · WordPress · Embedstories
Name of the Vulnerable Software and Affected Versions: EmbedStories WordPress plugin versions prior to 0.7.5 Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the EmbedStories WordPress plugin, which could allow users with the contributor role an...
WordPress plugin EmbedSocial 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin GS Portfolio for Envato 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-16363 · WordPress · Gs Portfolio
Name of the Vulnerable Software and Affected Versions: GS Portfolio for Envato WordPress plugin versions prior to 1.4.0 Description: The issue concerns the GS Portfolio for Envato WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in ...
Juicer < 1.11 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC juicer name='" onmouseover=alert/XSS/...
Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC v 2.7.5 vidbg loop="1;alert/XSS-loop/;...
Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks v 2.7.5 vidbg loop="1;alert/XSS-loop/;...