3 matches found
WordPress BadgeOS <=3.7.0 - SQL Injection
WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operatio...
Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter
The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021. PoC Example in easy-paypal-donation...
Multiple Plugins from WPPlugin - Reflected Cross-Site Scripting via page Parameter
The plugins do not escape a page parameter before outputting it back in an attribute in various admin pages, leading to Reflected Cross-Site Scripting issues. The issues were reported to the vendor on August 10th, 2021. Example in easy-paypal-donation alert/XSS/' / alert/XSS/' /...