3 matches found
WordPress Carousel CK plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Carousel CK plugin 1.1.0 and earlier versions have a cross-site scripting vulnerability tha...
Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider with the plugin and put the following payload in a Slide Descriptio...
Responsive Image Slider, Photo Gallery And Carousel < 1.3.6 - Subscriber+ Arbitrary Post Access
The plugin does not have proper authorisation check in the sfimageid AJAX action, which could allow any authenticated, such as subscriber, to view the content and title of arbitrary posts, for example private, draft and password protected ones. POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: /...