27 matches found
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress underConstruction plugin in version 1.18...
underConstruction < 1.19 - Reflected Cross-Site Scripting
The plugin does not escape the PHPSELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php/"/?page=under-construction...
WordPress underConstruction plugin <= 1.18 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Ram Gall WordFence in WordPress underConstruction plugin versions = 1.18. Solution Update the WordPress underConstruction plugin to the latest available version at least 1.19...
Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)
The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...
CVE-2013-2699
Cross-site request forgery CSRF vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors...
CVE-2013-2699
The CVE-2013-2699 entry concerns the WordPress underConstruction plugin (versions before 1.09). The vulnerability is a CSRF flaw that allows an attacker to hijack administrator authentication to deactivate the plugin via unspecified vectors, potentially disabling protection for the site. Affected...
WordPress underConstruction Plugin <= 1.08 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. Solution Update the plugin...