12 matches found
CVE-2020-37235
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
CVE-2020-37235
CVE-2020-37235 concerns WordPress Theme Wibar 1.1.8, where a stored XSS flaw exists in the Brand component. The vulnerability allows authenticated users with editor/administrator/contributor/author roles to inject base64-encoded script payloads via the ftc_brand_url input field, resulting in arbi...
EUVD-2020-31237
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
CVE-2020-37235
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
CVE-2020-37235 WordPress Theme Wibar 1.1.8 Stored Cross-Site Scripting via Brand Component
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
WordPress plugin theme Wibar 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-41435
WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parameter. Attackers with editor, administrator, contributor, or author privileges can inject...
Wordpress Theme Wibar 'Brand Component' Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in Wordpress Theme Wibar 'Brand Component'. An...
Wibar < 1.2.1 - Authenticated Stored Cross-Site Scripting
The theme contains a Brands feature which is vulnerable to stored Cross Site Scripting XSS within the logo URL parameter. Edit WPScanTeam November 27th, 2020 - Vendor Contacted via https://themeftc.ticksy.com/submit/ November 28th-29th, 2020 - Exchanges with vendor's support but they do not...
WordPress Wibar premium theme <= 1.1.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ilca Lucian Florin in WordPress Wibar premium theme versions = 1.1.8. Solution 2020-11-30 - we were unable to find information about the patched version of this premium theme...
WordPress Wibar Theme 1.1.8 Cross Site Scripting
Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...
Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting
Exploit Title: Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: http://demo.themeftc.com/wibar Software Link: https://themeforest.net/item/wibar-responsive-woocommerce-wordpress-theme/20994798 Version:...