WordPress plugin Social comments by WpDevArt跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Social comments by WpDevArt plugin <= 2.4.9 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Mika in WordPress Social comments by WpDevArt plugin versions = 2.4.9. Solution Update the WordPress Social comments by WpDevArt plugin to the latest available version at least 2.5.0...

Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Put the following payload in any of the plugin's text field settings such as Title , Title font-size etc: "...

Social comments by WpDevArt < 2.5.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in any of the plugin's text field settings such as Title , Title font-size etc: "svg...

CVE-2021-24464 YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS

The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor, leading to an authenticated Stored Cross-Site Scripting issue...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

Code injection

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices...

CVE-2018-10363

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices...

CVE-2018-10363

The CVE-2018-10363 entry applies to the WordPress plugin “Booking calendar, Appointment Booking System” by WpDevArt, version 2.2.2. The vulnerability is described as an issue where multiple parameters can be manipulated by a remote attacker to change data such as prices. The connected documents c...

CVE-2018-10363

An issue was discovered in the WpDevArt "Booking calendar, Appointment Booking System" plugin 2.2.2 for WordPress. Multiple parameters allow remote attackers to manipulate the values to change data such as prices...