Lucene search
K

221 matches found

CVE
CVE
added 2021/07/19 10:53 a.m.97 views

CVE-2021-24436

The CVE-2021-24436 entry concerns the WordPress W3 Total Cache plugin prior to version 2.1.4. A reflected XSS vulnerability exists in the extension parameter of the Extensions dashboard, where the value is output inside an attribute without proper escaping. This can allow an attacker to persuade ...

6.1CVSS5.9AI score0.01905EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.6 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache prior to version...

6.1CVSS5.9AI score0.01996EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.5 views

WordPress和W3 Total Cache 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress plugin W3 Total Cache in versions prior to 2.1.4, which stems from a lack of validation of client-side data in the "extension" parameter of t...

6.1CVSS5.5AI score0.01905EPSS
Exploits2References2
CNVD
CNVD
added 2021/07/14 12:0 a.m.5 views

WordPress W3 Total Cache Code Injection Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...

4.8CVSS6.4AI score0.00622EPSS
Exploits2References1
NVD
NVD
added 2021/07/12 8:15 p.m.26 views

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

4.8CVSS0.00622EPSS
Exploits2References2
OSV
OSV
added 2021/07/12 8:15 p.m.2 views

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

4.8CVSS5.8AI score0.00622EPSS
Exploits2References2
Cvelist
Cvelist
added 2021/07/12 7:20 p.m.31 views

CVE-2021-24427 W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue...

4.9AI score0.00622EPSS
Exploits2References2
CVE
CVE
added 2021/07/12 7:20 p.m.122 views

CVE-2021-24427

The CVE-2021-24427 entry concerns the WordPress W3 Total Cache plugin prior to 2.1.3. The vulnerability arises because the plugin did not sanitise or escape certain CDN settings, allowing high-privilege users to inject JavaScript that is output in pages, leading to an authenticated Stored XSS. Af...

4.8CVSS4.7AI score0.00622EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.W3 Total Cache is a website caching plugin. A code injection vulnerability exists in WordPress Plugin...

4.8CVSS5.4AI score0.00622EPSS
Exploits2References3
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.23 views

WordPress W3 Total Cache plugin <= 2.1.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions = 2.1.4. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.5...

6.1CVSS2.1AI score0.01996EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.273 views

W3 Total Cache < 2.1.5 - Reflected XSS in Extensions Page (JS Context)

The plugin was affected by a reflected Cross-Site Scripting XSS issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track usage to improve product quality' setting is enabled, as the parameter is output in a JavaScript context without proper escaping. This...

4.3CVSS5.9AI score0.01996EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.43 views

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...

4.3CVSS0.2AI score0.01905EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.312 views

W3 Total Cache < 2.1.4 - Reflected XSS in Extensions Page (Attribute Context)

The plugin was vulnerable to a reflected Cross-Site Scripting XSS security vulnerability within the "extension" parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This could allow an attacker, who can convince an authenticated admin into clicking a...

4.3CVSS1.4AI score0.01905EPSS
Exploits2
Patchstack
Patchstack
added 2021/06/28 12:0 a.m.34 views

WordPress W3 Total Cache plugin <= 2.1.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by renniepak in WordPress W3 Total Cache plugin versions = 2.1.3. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.4...

6.1CVSS2.1AI score0.01905EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/16 12:0 a.m.23 views

W3 Total Cache < 2.1.3 - Authenticated Stored XSS

The plugin did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue PoC Vulnerable parameters: cnames= 1, cdncnames= 2, cdncnames= 3. CDN Type:...

4.8CVSS0.1AI score0.00622EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2021/04/25 12:0 a.m.26 views

WordPress W3 Total Cache plugin <= 2.1.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by m0ze in WordPress W3 Total Cache plugin versions = 2.1.2. Solution Update the WordPress W3 Total Cache plugin to the latest available version at least 2.1.3...

4.8CVSS2.4AI score0.00622EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2020/12/22 12:0 a.m.367 views

WordPress W3 Total Cache 0.9.3 File Read / Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...

5CVSS0.3AI score0.19396EPSS
Exploits4
Exploit DB
Exploit DB
added 2020/12/22 12:0 a.m.569 views

WordPress Plugin W3 Total Cache - Unauthenticated Arbitrary File Read (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress W3 Total Cache File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability i...

7.5CVSS7.6AI score0.19396EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/10/26 12:0 a.m.8 views

W3 Total Cache Plugin for WordPress < 0.9.5 Server-Side Request Forgery

The WordPress W3 Total Cache Plugin installed on the remote host is affected by a server-side request forgery SSRF vulnerability due to improper sanitization of user-supplied input. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...

7.4AI score
Exploits0References2
NVD
NVD
added 2020/02/12 3:15 p.m.24 views

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

9.8CVSS9.7AI score0.73862EPSS
Exploits4References4
Rows per page
Query Builder