4 matches found
WordPress Profilepro 1.3 Cross Site Scripting Vulnerability
Exploit Title: profilepro if !response.ok throw new Error'Network response was not ok'; return response.text; .thendata = console.logdata .catcherror = console.error'Error:', error; - As an admin, go to http://example.com/wp-admin/edit.php?posttype=profileproform - Choose the default profile, cli...
WordPress 3D FlipBook plugin <= 1.12.0 - Subscriber+ Stored Cross-Site Scripting (XSS) vulnerability
Subscriber+ Stored Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress 3D FlipBook plugin versions = 1.12.0. Solution Update the WordPress 3D FlipBook plugin to the latest available version at least 1.12.1...
Tutor LMS < 1.9.12 - Subscriber+ Stored Cross-Site Scripting
The plugin does not escape the 'Job Title" field of user's profile, which could allow any authenticated users to set a Cross-Site Scripting payload in it, which will be triggered when an admin edit the related profile As a subscriber, edit your profile and add the following payload in the Job Tit...
Variation Swatches for WooCommerce < 2.1.2 - Subscriber+ Stored Cross-Site Scripting
The plugin does not have authorisation and CSRF checks in the tawcvssavesettings, updateattributetypesetting and updateproductattrtype AJAX actions, allowing any authenticated users to call them. The tawcvssavesettings could especially be used to update the plugin’s settings and add XSS payloads...