Lucene search
K

4 matches found

0day.today
0day.today
added 2024/08/14 12:0 a.m.167 views

WordPress Profilepro 1.3 Cross Site Scripting Vulnerability

Exploit Title: profilepro if !response.ok throw new Error'Network response was not ok'; return response.text; .thendata = console.logdata .catcherror = console.error'Error:', error; - As an admin, go to http://example.com/wp-admin/edit.php?posttype=profileproform - Choose the default profile, cli...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2022/02/13 12:0 a.m.24 views

WordPress 3D FlipBook plugin <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability

Subscriber+ Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress 3D FlipBook plugin versions = 1.12.0. Solution Update the WordPress 3D FlipBook plugin to the latest available version at least 1.12.1...

5.4CVSS1.9AI score0.00591EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/12/27 12:0 a.m.488 views

Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting

The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...

0.2AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2021/12/01 12:0 a.m.12 views

Variation Swatches for WooCommerce < 2.1.2 - Subscriber+ Stored Cross-Site Scripting

The plugin does not have authorisation and CSRF checks in the tawcvssavesettings, updateattributetypesetting and updateproductattrtype AJAX actions, allowing any authenticated users to call them. The tawcvssavesettings could especially be used to update the plugin’s settings and add XSS payloads...

6.4CVSS4AI score0.00531EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder