14 matches found
CVE-2020-37225
Powie’s WHOIS Domain Check 0.9.31 has a persistent cross-site scripting (XSS) vulnerability in pwhois_settings.php, exploitable by authenticated attackers via unsanitized input in plugin settings (textarea/input fields). This can execute JavaScript in the admin context and may enable privilege es...
CVE-2020-37225
Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...
PT-2026-40626
Powie's WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in t...
EUVD-2017-9725
Malware in sbrugna...
Wordpress Plugin Powie's WHOIS Domain Check Stored Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A stored cross-site scripting vulnerability exists in the Wordpress plugin Powie's WHOIS Domain Check. An attacker can exploi...
Powie's WHOIS Domain Check < 0.9.33 - Authenticated Stored Cross-Site Scripting
The plugin does not properly sanitise and encode user input when output back in its settings page, leading to authenticated from high privileged users stored Cross-Site Scripting XSS issues...
WordPress Powie's WHOIS Domain Check plugin <= 0.9.31 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by mqt in WordPress Powie's WHOIS Domain Check plugin versions = 0.9.31. Solution Update the WordPress Powie's WHOIS Domain Check plugin to the latest available version at least 0.9.33...
WordPress wp-whois-domain plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in version 1.0.0 of the WordPress wp-whois-domain plugin. The...
CVE-2017-18612
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter...
Design/Logic Flaw
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter...
CVE-2017-18612
The CVE-2017-18612 entry affects WordPress plugin wp-whois-domain version 1.0.0. The issue is an XSS vulnerability in pages/func-whois.php domain parameter, caused by insufficient validation of client-side data. Exploitation is described as unauthenticated in several sources (WPVulndb/Exploits), ...
Black Owl - Tool To Gather Information, Based On Operative-Framework
This is a simple tool to gather information, based on Operative-Framework. Requirements requests pythonwhois beautifulsoup4 Install requirements $ pip install -r requirements.txt How to use $ git clone https://github.com/qqwaszx/blackowl.git $ python main.py : blackowl help Modules /core/modules/...
WordPress Whois Domain Plugin - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability. Solution Update the plugin...
WP Whois Domain <= 1.0.0 - Unauthenticated Cross-Site Scripting (XSS)
The plugin is still affected and has been closed. PoC...