6 matches found
CVE-2019-12934
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljsadditionalcss parameter...
WordPress wp-code-highlightjs plugin <= 0.6.3 - Malicious Polyfill.io Embed vulnerability
Malicious Polyfill.io Embed vulnerability discovered by Sansec.io in WordPress Plugin wp-code-highlightjs versions <= 0.6.3...
WordPress wp-code-highlightjs plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The wp-code-highlightjs plugin is a highlighting plugin used with it. A cross-site request forgery vulnerability exists in WordPre...
CVE-2019-12934
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljsadditionalcss parameter...
CVE-2019-12934
An issue was discovered in the wp-code-highlightjs plugin through 0.6.2 for WordPress. wp-admin/options-general.php?page=wp-code-highlight-js allows CSRF, as demonstrated by an XSS payload in the hljsadditionalcss parameter...
CVE-2019-12934
The wp-code-highlightjs plugin for WordPress (≤0.6.2) is vulnerable to CSRF that enables stored XSS via the hljs_additional_css parameter in wp-admin/options-general.php?page=wp-code-highlight-js. Root cause: lack of CSRF protection in admin settings. Impact: authenticated attacker can inject XSS...