Lucene search
K

7 matches found

CNVD
CNVD
added 2021/12/18 12:0 a.m.13 views

WordPress Ultimate NoFollow plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. ultimate NoFollow plugin is a WordPress open source application plugin. the WordPress Ultimate NoFollow plugin in version 1.4....

5.4CVSS1.3AI score0.00604EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:40 a.m.43 views

CVE-2021-24817

CVE-2021-24817 affects the WordPress plugin Ultimate NoFollow (versions

5.4CVSS5.2AI score0.00604EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2021/12/13 10:40 a.m.16 views

CVE-2021-24817 Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.5AI score0.00604EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. ultimate NoFollow plugin is a WordPress open source application plugin. the WordPress Ultimate NoFollow plugin in version 1.4....

5.4CVSS5.7AI score0.00604EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/11/15 12:0 a.m.143 views

Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks Affected shortcodes: nf, nofo, nofol, nofollow, relnofollow As a contributor, put the below shortcode in a post/page nf...

5.4CVSS5.3AI score0.00604EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2021/11/15 12:0 a.m.20 views

Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks PoC Affected shortcodes: nf, nofo, nofol, nofollow, relnofollow As a contributor, put the below shortcode in a post/page nf...

5.4CVSS4.9AI score0.00604EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/11/15 12:0 a.m.19 views

WordPress Ultimate Nofollow plugin <= 1.4.8 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Quentin VILLAIN 3wsec in WordPress Ultimate Nofollow plugin versions = 1.4.8. Solution Deactivate and delete. This plugin has been closed as of November 3, 2021 and is not available for download. This closure is temporary, pending a full...

5.4CVSS2.8AI score0.00604EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder