4 matches found
CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS
The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Slider by Supsystic Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Slider by Supsystic A...
WordPress Plugin Slider Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
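WordPress Plugin Slider Revolution 3.0.95 Arbitrary File Upload Vulnerability
Below are the analysis and test results for version 3.0.3. The arbitrary file upload vulnerability stems from the plugin's built-in "plugin update" feature: when the plugin is enabled, a series of action operations are registered with WordPress's ajax requests. In addition, the plugin does not check the user's privileges after accepting an update request, which allows a malicious party to use this point to attack. File involved: /revslideradmin.php //add common scripts there //self::addActionself::ACTIONADMININIT, "onAdminInit"; //ajax response to save slider options...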