11 matches found
CVE-2024-11605
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
WordPress plugin wp-publications cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...
WordPress WP Publications plugin <= 1.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Zeynalxan Quliyev, Revan Poladl in WordPress Plugin WP Publications versions <= 1.2...
CVE-2024-11605 WP Publications <= 1.2 - Admin+ Stored XSS
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite...
WordPress plugin wp-publications security vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...
PT-2024-17132 · WordPress · Wp-Publications
Name of the Vulnerable Software and Affected Versions: wp-publications WordPress plugin versions 1.2 and earlier. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...
Remote code execution
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...
CVE-2021-38360 wp-publications <= 0.0 Local File Include
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...
CVE-2021-38360
The CVE-2021-38360 entry concerns the WordPress plugin wp-publications (versions
CVE-2021-38360 wp-publications <= 0.0 Local File Include
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...
WordPress plugin path traversal vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A path traversal vulnerability exists in the...