Lucene search
+L

85 matches found

OSV
OSV
added 2022/06/20 11:15 a.m.6 views

CVE-2021-25088

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00565EPSS
Exploits2References1
NVD
NVD
added 2022/06/20 11:15 a.m.28 views

CVE-2021-25088

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00565EPSS
Exploits2References1
Prion
Prion
added 2022/06/20 11:15 a.m.15 views

Cross site scripting

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS4.8AI score0.00565EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/06/20 10:25 a.m.87 views

CVE-2021-25088

CVE-2021-25088 affects the WordPress Google XML Sitemaps plugin prior to 4.1.3. The root cause is failure to sanitize/escape settings before outputting them on the Debug page, enabling Cross-Site Scripting by high-privilege users (e.g., in multisite). Impact is XSS; CVE details indicate the issue...

4.8CVSS4.7AI score0.00565EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/20 10:25 a.m.41 views

CVE-2021-25088 Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00565EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/06/20 12:0 a.m.5 views

WordPress plugin XML Sitemaps 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress plugin XML Sitemaps 4.1.3,...

4.8CVSS5.3AI score0.00565EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/05/30 12:0 a.m.23 views

WordPress Google XML Sitemaps plugin <= 4.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Google XML Sitemaps plugin versions = 4.1.2. Solution Update the WordPress Google XML Sitemaps plugin to the latest available version at least 4.1.3...

4.8CVSS2.1AI score0.00565EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/30 12:0 a.m.20 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in the "Try ...

4.8CVSS0.00565EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2022/05/30 12:0 a.m.143 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in the "Try to...

4.8CVSS4.8AI score0.00565EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.22 views

Magento 2 Community Edition RCE Vulnerability

A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary P...

7.2CVSS8.2AI score0.02413EPSS
Exploits0References7Affected Software1
CNVD
CNVD
added 2022/05/18 12:0 a.m.20 views

WordPress Advanced Image Sitemaps plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Advanced Image Sitemaps plugin 1.2 and earlier versions are vulnerable to a cross-site scripting...

6.1CVSS1.8AI score0.00773EPSS
Exploits2References1
CNVD
CNVD
added 2022/03/16 12:0 a.m.24 views

WordPress Better WordPress Google XML Sitemaps plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...

6.1CVSS2AI score0.01496EPSS
Exploits2References1
NVD
NVD
added 2022/03/14 3:15 p.m.19 views

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

6.1CVSS0.01496EPSS
Exploits2References1
OSV
OSV
added 2022/03/14 3:15 p.m.4 views

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

6.1CVSS5.8AI score0.01496EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/03/14 3:15 p.m.6 views

CVE-2022-0230

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins...

6.1CVSS6.3AI score0.01496EPSS
Exploits2References2
CVE
CVE
added 2022/03/14 2:41 p.m.91 views

CVE-2022-0230

The CVE-2022-0230 entry concerns the WordPress plugin Better WordPress Google XML Sitemaps (

6.1CVSS5.9AI score0.01496EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.8 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Better WordPress Google XML Sitemaps plugin version 1.4.1 and earlier versions are vulnerable to a cross-site scripting...

6.1CVSS5.4AI score0.01496EPSS
Exploits2References2
wpexploit
wpexploit
added 2022/02/16 12:0 a.m.123 views

Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins With the permalinks settings set to plain, as an unauthenticated user, open...

0.1AI score0.01496EPSS
Exploits2
Patchstack
Patchstack
added 2022/02/16 12:0 a.m.18 views

WordPress Better WordPress Google XML Sitemaps plugin <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability

Unauthenticated Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Better WordPress Google XML Sitemaps plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of February 14, 2022 and is not available for download. This closur...

6.1CVSS1.1AI score0.01496EPSS
Exploits2References3Affected Software1
CNVD
CNVD
added 2021/11/16 12:0 a.m.39 views

Xml-Sitemaps Cross-Site Request Forgery Vulnerability

Xml-Sitemaps is a file that lists important pages of a website. It is used to list important pages of a website. XML-Sitemaps' Unlimited Sitemap Generator has a security vulnerability, no details of the vulnerability are available at this time...

8.8CVSS1.8AI score0.00507EPSS
Exploits0References1
Rows per page
Query Builder