8 matches found
EUVD-2017-7941
Malware in sbrugna...
WordPress Ultimate Instagram Feed plugin <=1.3.1 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting XSS vulnerability found by Gilzow in WordPress Ultimate Instagram Feed plugin versions =1.3.1. Solution We were unable to find a complete changelog for this plugin, but there is 1.3.3 version available. Use it at your own risk!...
WordPress Ultimate Instagram Feed Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Ultimate Instagram Feed plugin is a photo wall plugin used in... A cross-site scripting vulnerability exists i...
CVE-2017-16758
Cross-site scripting XSS vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "accesstoken" parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "accesstoken" parameter...
CVE-2017-16758
Cross-site scripting XSS vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "accesstoken" parameter...
CVE-2017-16758
Cross-site scripting XSS vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "accesstoken" parameter...
CVE-2017-16758
CVE-2017-16758 affects WordPress via the Ultimate Instagram Feed plugin up to version 1.3, in the admin/partials/uif-access-token-display.php file. The vulnerability is an XSS in which the attacker can inject script/HTML through the access_token parameter, with evidence of a PoC demonstrating ref...