EUVD-2021-11970

Malware in sbrugna...

CVE-2024-3167

The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitterusername’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

PT-2024-24183 · WordPress · Ocean Extra

Name of the Vulnerable Software and Affected Versions: The Ocean Extra plugin for WordPress versions up to, and including, 2.2.6 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...

Hubbub Lite < 1.32.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup As admin, enable the 'Floating Sidebar...

CVE-2021-25058 The Buffer Button <= 1.0 - Authenticated Stored Cross Site Scripting (XSS)

The Buffer Button WordPress plugin through 1.0 was vulnerable to Authenticated Stored Cross Site Scripting XSS within the Twitter username to mention text field...

WordPress plugin Buffer Button 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Buffer Button prior to version 1.0, which...