CVE-2024-11605

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

WordPress plugin wp-publications cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...

WordPress WP Publications plugin <= 1.2 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Zeynalxan Quliyev, Revan Poladl in WordPress Plugin WP Publications versions = 1.2...

CVE-2024-11605 WP Publications <= 1.2 - Admin+ Stored XSS

The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

PT-2024-17132 · WordPress · Wp-Publications

Name of the Vulnerable Software and Affected Versions: wp-publications WordPress plugin versions 1.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered html capability is disallowed, for example i...

WordPress plugin wp-publications 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...

Remote code execution

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...

CVE-2021-38360 wp-publications <= 0.0 Local File Include

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...

CVE-2021-38360 wp-publications <= 0.0 Local File Include

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the QFILE parameter found in the /bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0...

CVE-2021-38360

The CVE-2021-38360 entry concerns the WordPress plugin wp-publications (versions

WordPress 插件 路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A path traversal vulnerability exists in the...