33 matches found
EUVD-2022-35162
Malicious code in bioql PyPI...
CVE-2023-5560
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2022-2941
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
CVE-2022-2473
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (Authenticated) Vulnerability
Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Authenticated Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: Onur Göğebakan Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
CVE-2023-5560
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-5560 WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS
The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks...
CVE-2023-5560
The CVE-2023-5560 entry concerns the WP-UserOnline WordPress plugin (versions prior to 2.88.3). The root cause is failure to sanitize and escape the X-Forwarded-For header when its content is output on a page, enabling unauthenticated users to perform a Stored Cross-Site Scripting (XSS) attack. D...
WordPress plugin WP-UserOnline security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability in the...
PT-2023-32176 · WordPress · Wp-Useronline
Name of the Vulnerable Software and Affected Versions: WP-UserOnline WordPress plugin versions prior to 2.88.3 Description: The issue allows unauthenticated users to perform Cross-Site Scripting attacks due to the lack of sanitization and escaping of the X-Forwarded-For header before its content ...
Wordpress WP-UserOnline 2.88.0 Plugin - Stored Cross Site Scripting Vulnerability
Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
WordPress WP-UserOnline 2.88.0 Cross Site Scripting
Exploit Title: Wordpress Plugin WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2022-08-24 Exploit Author: UnD3sc0n0c1d0 Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
CVE-2022-2941
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
CVE-2022-2473
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-2473
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
Cross site scripting
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-2941 WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...
CVE-2022-2941
The WP-UserOnline WordPress plugin (versions up to 2.88.0) contains multiple Stored Cross-Site Scripting (XSS) vulnerabilities due to improper sanitization/escaping in the Naming Conventions inputs. This flaw can be exploited by authenticated attackers with administrative privileges to inject Jav...
CVE-2022-2473 WP-UserOnline <= 2.87.6 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘templatesbrowsingpagetext' parameter in versions up to, and including, 2.87.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with...
CVE-2022-2473
The WP-UserOnline WordPress plugin (versions up to and including 2.87.6) is affected by a Stored Cross-Site Scripting vulnerability in the templates[browsingpage][text] parameter due to insufficient input sanitization and output escaping. Exploitation requires authenticated access with administra...