Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2024/12/12 12:0 a.m.4 views

PT-2024-17212 · WordPress · Kvcore Idx Plugin

Name of the Vulnerable Software and Affected Versions: kvCORE IDX plugin for WordPress versions up to, and including, 2.3.35 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows unauthenticated...

6.1CVSS6.8AI score0.00332EPSS
Exploits0References6
NVD
NVD
added 2021/11/01 9:15 a.m.24 views

CVE-2021-24715

The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00622EPSS
Exploits2References1
OSV
OSV
added 2021/11/01 9:15 a.m.4 views

CVE-2021-24715

The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00622EPSS
Exploits2References1
CVE
CVE
added 2021/11/01 8:46 a.m.54 views

CVE-2021-24715

The CVE-2021-24715 entry concerns the WordPress WP Sitemap Page plugin before 1.7.0, where improper sanitization/escaping of settings enables stored Cross-Site Scripting. Exploitation could allow high-privilege users to run JavaScript even when unfiltered_html is disallowed. Affected component: t...

4.8CVSS4.7AI score0.00622EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.4 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress WP Sitemap Page plugin has a cross-site scripting vulnerability in versions prior to 1.7.0, which stems from ...

4.8CVSS5.6AI score0.00622EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/09/07 12:0 a.m.20 views

WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the mentioned settings of the plugin: - How to display the...

4.8CVSS0.7AI score0.00622EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2020/02/20 12:0 a.m.1 views

WordPress WP Sitemap Page Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Sitemap Page plugin, which can be exploited by...

5.9AI score
Exploits0References1
Rows per page
Query Builder