CVE-2021-25085

The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woofredrawelements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting...

CVE-2022-2424

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin Google Maps Anywhere 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress wp-editor plugin cross-site scripting vulnerability

WordPress is a set of blogging platform developed by WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wp-editor plugin is an editor plugin used in it. A cross-site scripting vulnerability exists in WordPress wp-editor plugin...

WordPress WP Editor plugin <= 1.2.6.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Multiple Cross-Site Scripting XSS vulnerabilities found in WordPress WP Editor plugin versions = 1.2.6.2. Solution Update the WordPress WP Editor plugin to the latest available version at least 1.2.6.3...

Santilga CMS 1.2.6.3 Cross Site Request Forgery / SQL Injection

Exploit for php platform in category web applications ============================= Vulnerable software: Santilga CMS version 1.2.6.3 $ head -n 10 Admin.php|less view-templateName = "admin"; parent::construct; $this-lang = SantilgaLanguage::getInstance-getLanguage; $this-view-lang = $this-lang;...