221 matches found
CVE-2021-24436
The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache prior to version...
WordPress和W3 Total Cache 跨站脚本漏洞
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...
WordPress W3 Total Cache Code Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...
CVE-2021-24427
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24427
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24427 W3 Total Cache < 2.1.3 - Authenticated Stored XSS
The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...
CVE-2021-24427
The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...
WordPress W3 Total Cache plugin <= 2.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions = 2.1.4. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.5...
W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)
The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...
W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...
W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)
The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...
WordPress W3 Total Cache plugin <= 2.1.3 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions = 2.1.3. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.4...
W3 Total Cache < 2.1.3 - Authenticated Stored XSS
The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Vulnerable parameters: cnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...
WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions = 2.1.2. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.3...
WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...
W3 Total Cache Plugin for WordPress < 0.9.5 Server-Side Request Forgery
The WordPress W3 Total Cache Plugin installed on the remote host is affected by a server-side request forgery SSRF vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...