7 matches found
PT-2024-17212 · WordPress · Kvcore Idx Plugin
Name of the Vulnerable Software and Affected Versions: kvCORE IDX plugin for WordPress versions up to, and including, 2.3.35 Description: The issue is related to Reflected Cross-Site Scripting, which occurs due to insufficient input sanitization and output escaping. This allows unauthenticated...
CVE-2021-24715
The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24715
The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24715
The CVE-2021-24715 entry concerns the WordPress WP Sitemap Page plugin before 1.7.0, where improper sanitization/escaping of settings enables stored Cross-Site Scripting. Exploitation could allow high-privilege users to run JavaScript even when unfiltered_html is disallowed. Affected component: t...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress WP Sitemap Page plugin has a cross-site scripting vulnerability in versions prior to 1.7.0, which stems from ...
WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting
The plugin does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the mentioned settings of the plugin: - How to display the...
WordPress WP Sitemap Page Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress WP Sitemap Page plugin, which can be exploited by...