41 matches found
CVE-2024-5034
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5151 SULly < 4.3.1 - Admin+ Stored XSS
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5151 SULly < 4.3.1 - Admin+ Stored XSS
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5151
The CVE-2024-5151 entry concerns the SULly WordPress plugin prior to version 4.3.1. The vulnerability is a Stored XSS caused by insufficient sanitization/escaping of plugin settings, potentially allowing high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is di...
CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5034 SULly < 4.3.1 - Plugin Reset via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-5033
The CVE-2024-5033 entry concerns the SULly WordPress plugin prior to version 4.3.1, which lacks CSRF checks and proper sanitization/escaping, enabling a logged-in admin to inject Stored XSS payloads via a CSRF attack. Red Hat and Patchstack entries corroborate the vulnerability description and no...
CVE-2024-5034
CVE-2024-5034 affects the SULly WordPress plugin prior to 4.3.1. The issue is a lack of CSRF checks in several actions, enabling CSRF-based actions by logged-in users. The documented impact is high: CVSS v3.1 base score 8.8 (HIGH) with network attack vector, no privileges, user interaction requir...
CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5032 SULly < 4.3.1 - Reflected XSS
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5032 SULly < 4.3.1 - Reflected XSS
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-5032
CVE-2024-5032 - SULly WordPress plugin : Versions prior to 4.3.1 do not sanitize/escape a parameter before echoing it on the page, causing a Reflected XSS that could affect high-privilege users (e.g., admins). The issue is fixed in 4.3.1; upgrade to 4.3.1 or later. If upgrading, test compatibility.
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34143 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF check in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via...
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-34135 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...
PT-2024-34150 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin SULly security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...