Lucene search
K
WpvulndbMost viewed

14602 matches found

WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.20 views

Gallery Blocks with Lightbox < 2.2.1- Authenticated Stored Cross-Site Scripting

A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox Version – 2.2.0 & below . The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the...

5.4CVSS5AI score0.00618EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.20 views

Post Views Counter < 1.3.5 - Authenticated Stored XSS

The plugin does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Post Views Label settings of the plugin...

4.8CVSS1.4AI score0.00598EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/22 12:0 a.m.20 views

The Sorter <= 1.0 - Authenticated SQL Injection

The checkorder function of the plugin uses an areaid parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. PoC GET /wp-admin/admin.php?page=thesorterareasid=1%20AND%20SELECT%207667%20FROM%20SELECTSLEEP5DWBj HTTP/1.1 Cache-Control:...

7.2CVSS1.3AI score0.01467EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.20 views

Email Artillery <= 4.1 - Arbitrary File Upload

The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...

6.8CVSS6.5AI score0.00558EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/16 12:0 a.m.20 views

Language Bar Flags <= 1.0.8 - CSRF to Stored XSS

The plugin does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in t...

4.3CVSS2.2AI score0.00483EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.20 views

Multiplayer Games <= 3.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $SERVER'PHPSELF' in the /multiplayergames.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.1AI score0.00938EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/13 12:0 a.m.20 views

Plugmatter Pricing Table Lite <= 1.0.32 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the email parameter in the /license.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.4AI score0.00895EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/11 12:0 a.m.20 views

Securimage-WP-Fixed <= 3.5.4 - Reflected Cross-Site Scripting (XSS)

The plugin is affected by a Reflected Cross-Site Scripting issue due to the use of $SERVER'PHPSELF' in the /securimage-wp.php file which allows attackers to inject arbitrary web scripts PoC https://example.com/wp-admin/options-general.php/"/script%3E?page=securimage-wp-options%2F...

6.1CVSS2.1AI score0.02313EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/11 12:0 a.m.20 views

Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The plugin is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting feature mentioned by the plugin, this could lead to Stored XSS issue which will b...

4.3CVSS2.1AI score0.00483EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/10 12:0 a.m.20 views

Book appointment Online < 1.39 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC In the admin dashboard navigate to Services Add service and put the...

4.8CVSS1.3AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/09 12:0 a.m.20 views

AddToAny < 1.7.46 - Authenticated Stored XSS

The plugin does not sanitise its Sharing Header setting when outputting it in frontend pages, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Put the following payload in the Sharing Header setting of th...

5.4CVSS1.4AI score0.00624EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/29 12:0 a.m.20 views

WordPress Download Manager < 3.1.25 - Authenticated Directory Traversal

Authenticated Directory Traversal in WordPress Download Manager Add New. Name the post, and intercept the request when you Submit for Review no file needs to be uploaded. In the filepagetemplate parameter, swap out page-template-1col-flat.php for “\\../../../../../wp-config.php” Then preview the...

4CVSS2.2AI score0.01331EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/27 12:0 a.m.20 views

uListing < 2.0.6 - Unauthenticated Privilege Escalation

An Unauthenticated Privilege Escalation vulnerability was discovered in the uListing plugin through v2.0.5 for WordPress. User registration must be allowed on the target website. PoC PoC | Unauthenticated Privilege Escalation | Request: POST /wp-admin/admin-ajax.php?action=stmlistingregister HTTP...

7.5CVSS1.8AI score0.02109EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/26 12:0 a.m.20 views

GiveWP < 2.12.0 - Authenticated Stored XSS

The plugin did not escape the Donation Level setting of its Donation Forms, allowing high privilege users to use Cross-Site Scripting payloads in them. PoC Put the following payload in any Donation Level Text field of a Donation Form ie...

3.5CVSS1.6AI score0.00617EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/23 12:0 a.m.20 views

GTranslate < 2.8.65 - Reflected Cross-Site Scripting (XSS)

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

4.3CVSS1AI score0.01572EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.20 views

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue PoC Add or Edit a Characteristic...

3.5CVSS4.5AI score0.00613EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/07/02 12:0 a.m.20 views

Workreap < 2.2.2 - Missing Authorization Checks in Ajax Actions

The theme had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site. PoC log in as arbitrary...

5.5CVSS1.3AI score0.01251EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.20 views

Handsome Testimonials & Reviews < 2.1.1 - Authenticated (Subscriber+) SQL Injection

The hndtstactioninstancecallback AJAX call of the plugin, available to any authenticated users, does not sanitise, validate or escape the hndtstpreviewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. PoC curl -i -s -k -X $'POST' \ -H...

6.5CVSS1.8AI score0.01599EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.20 views

Poll Maker < 3.2.1 - Authenticated Blind SQL Injections

The getpollcategories, getpolls and getreports functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p order...

6.5CVSS0.1AI score0.01409EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.20 views

Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections

The getgallerycategories and getgalleries functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p orderby...

6.5CVSS0.3AI score0.01362EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/29 12:0 a.m.20 views

RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF

The Import feature of the plugin /wp-admin/tools.php?page=rsvpmakerexportscreen takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. PoC Go to the...

4CVSS0.5AI score0.01012EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.20 views

Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS)

The plugin does not sanitise or escape its "Use your own theme" setting before outputting it in the page, leading to an authenticated admin+ stored Cross-Site Scripting issue PoC As admin, put the following payload in the "Use your own theme enter URL:" option...

3.5CVSS0.7AI score0.00613EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/28 12:0 a.m.20 views

User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR

The plugin was affected by an IDOR issue, allowing users with the uploadimage capability by default author and above to change and delete the profile pictures of other users including those with higher roles. PoC Use a proxy such as Burp Suite to capture the request made when change your own...

5.5CVSS0.00775EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/23 12:0 a.m.20 views

WP Image Zoom < 1.47 - Local File Inclusion

The plugin did not validate its tab parameter before using it in the includeonce function, leading to a local file inclusion issue in the admin dashboard PoC PoC: https://example.com/wp-admin/admin.php?page=zoooomsettings=whatever This URL shows includeonce error, which indicates that the paramet...

5CVSS0.1AI score0.01375EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/06/11 12:0 a.m.20 views

Easy Cookie Policy <= 1.6.2 - Broken Access Control to Stored Cross-Site Scripting

The plugin is lacking any capability and CSRF check when saving it's settings, allowing any authenticated users such as subscriber to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in al...

6.5CVSS0.8AI score0.10703EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/31 12:0 a.m.20 views

WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...

5.4CVSS1.8AI score0.0062EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/27 12:0 a.m.20 views

Xllentech English Islamic Calendar < 2.6.8 - Authenticated SQL Injection

When deleting a date in the plugin, the yearnumber and monthnumber POST parameters are not sanitised, escaped or validated before being used in a SQL statement, leading to SQL injection. PoC POST /wp-admin/options-general.php?page=xllentechoptionstab4 HTTP/1.1 Content-Length: 220 Cache-Control:...

8.8CVSS1.2AI score0.01586EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/26 12:0 a.m.20 views

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Export

The exportdata function of the plugin had no capability or nonce checks making it possible for unauthenticated users to export a site's redirects. PoC curl -X POST --url "URL/wp-admin/admin-post.php?page=301options=true"...

8.8CVSS3AI score0.01169EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/19 12:0 a.m.20 views

FlightLog <= 3.0.2 - Authenticated (editor+) SQL Injection

The plugin does not sanitise, validate or escape various POST parameters before using them a SQL statement, leading to SQL injections exploitable by editor and administrator users PoC 1. to and from parameters Editor Level Tools - Flightlog - add a record POST...

7.2CVSS0.01547EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/17 12:0 a.m.20 views

LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR

The plugin was affected by an IDOR issue, allowing students to see other student answers and grades PoC - Add 2 users with Student role for the scenario . - Create A course With a quiz I picked True or Flase question for my quiz - Set Enrol on Free for the ease of scenario - Enrol into the...

5CVSS0.4AI score0.01625EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/16 12:0 a.m.20 views

Bello < 1.6.0 - Unauthenticated Blind SQL Injection

The theme did not sanitise the btbblistingfieldpricerangeto, btbblistingfieldnowopen, btbblistingfieldmylng, listinglistview and btbblistingfieldmylat parameters before using them in a SQL statement, leading to SQL Injection issues PoC -- Payload: $ -4034 OR 4877=4877 AND 2369=2369 -- PoC 1 |...

9.8CVSS9.9AI score0.66576EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/16 12:0 a.m.20 views

Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS

The theme did not properly sanitise and escape its listinglistview, btbblistingfieldmylat, btbblistingfieldmylng, btbblistingfielddistancevalue, btbblistingfieldmylatdefault, btbblistingfieldkeyword, btbblistingfieldlocationautocomplete, btbblistingfieldpricerangefrom and...

6.1CVSS5.9AI score0.10769EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/05/09 12:0 a.m.20 views

ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS)

The ReDi Restaurant Reservations plugin provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to ma...

6.1CVSS6AI score0.05501EPSS
Exploits5References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/19 12:0 a.m.20 views

Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue PoC /wp-admin/admin.php?page=ultimate-maps-supsystic="onmouseover=alert1//...

4.3CVSS1AI score0.17638EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/19 12:0 a.m.20 views

Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)

The plugin did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue PoC /wp-admin/admin.php?page=contact-form-supsystic="onmouseover=alert1//...

4.3CVSS0.8AI score0.16044EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.20 views

Video Downloader for TikTok < 1.4 - Server Side Request Forgery (SSRF) & Local File Inclusion (LFI)

The plugin is vulnerable to SSRF or LFI attacks via the njt-tk-download-video parameter sent by the user not being properly sanitized before used in code...

7.5CVSS3.2AI score0.01967EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.20 views

Image Hover Effects - Elementor Addon < 1.3.4 - Contributor+ Stored XSS

The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Image Hover Effects” widget accepts a "eihetag" parameter. Although the eleme...

3.5CVSS1.2AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.20 views

JetWidgets For Elementor < 1.0.9 - Contributor+ Stored XSS

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Animated Box” widget accepts "titlehtmltag" and "subtitlehtmltag" parameters...

3.5CVSS1.1AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.20 views

The Plus Addons for Elementor Page Builder Lite < 2.0.6 - Contributor+ Stored XSS

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Accordion” widget accepts a “titlehtmltag” parameter. Although...

3.5CVSS5.5AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/04/13 12:0 a.m.20 views

Elementor - Header, Footer & Blocks Template < 1.5.8 - Contributor+ Stored XSS

The “Elementor – Header, Footer & Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting XSS by lower-privileged users such as contributors, all via a similar method. The “Page Title” widget accepts a “headingtag” parameter. Although the...

3.5CVSS1.1AI score0.0059EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/29 12:0 a.m.20 views

Virtual Robots.txt < 1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not sanitise the content of the robots.txt, allowing high privilege users admin+ to use XSS payloads, which will be output back in the settings page of the plugin. PoC Put the following directive in the plugin settings "User Agents and Directives for this site" Disallow:...

2.1AI score0.01669EPSS
Exploits1References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/26 12:0 a.m.20 views

Easy Form Builder <= 1.0 - Authenticated Arbitrary File Upload

The EFBPverifyuploadfile AJAX action of the plugin, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. PoC The PoC will be displayed once the issue has been remediated...

6.5CVSS4.6AI score0.01906EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/21 12:0 a.m.20 views

WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE

We noticed 0-day in the plugin https://woocommerce.com/products/woocommerce-help-scout/ being actively exploited. This vulnerability affects at least versions 2.6-2.8 current latest published version and allows unauthenticated users to upload any files to the site which by default will end up in...

7.5CVSS0.8AI score0.07908EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/15 12:0 a.m.20 views

Tutor LMS < 1.7.7 - SQL Injection via tutor_mark_answer_as_correct

The tutormarkanswerascorrect AJAX action from the plugin was vulnerable to blind and time based SQL injections that could be exploited by students. PoC python3 sqlmap.py -r /tutortime.txt --dbms=mysql --technique=T -p answerid --dump Where tutortime.txt is POST /wp-admin/admin-ajax.php HTTP/1.1...

4CVSS6.7AI score0.01253EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/15 12:0 a.m.20 views

Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)

Unvalidated input and lack of output encoding within the plugin lead to a Reflected Cross-Site Scripting XSS vulnerability within the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. PoC /wp-admin/post.php?post=1=edit〈='...

3.5CVSS1AI score0.00632EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/03 12:0 a.m.20 views

User Profile Picture < 2.5.0 - Sensitive Information Disclosure

The REST API endpoint getusers in the plugin returned more information than was required for its functionality to users with the uploadfiles capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. PoC Usage: php poc.php auth...

7.5AI score0.04788EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/03 12:0 a.m.20 views

Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS)

This plugin helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. PoC wp-admin/admin.php?page=wc-order-export=alert/XSS/...

4.3CVSS0.9AI score0.10348EPSS
Exploits5Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/10 12:0 a.m.20 views

All In One WP Security & Firewall < 4.4.6 - Authenticated Cross-Site Scripting (XSS)

The plugin did not escape the banned user agents in its settings before output, which may allow administrators to enter malicious UA with XSS payloads under certain conditions. Note: We were not able to reproduce the issue...

4.3CVSS2.3AI score0.01495EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/08 12:0 a.m.20 views

Ultimate Maps by Supsystic < 1.1.17 - Authenticated SQL Injections

The GET parameters sidx and sord were used in a SQL statement without being sanitised when searching for maps in the dashboard, leading to an authenticated SQL Injection issues. PoC...

0.8AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/02/04 12:0 a.m.20 views

Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the plugin. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request coul...

1.2AI score0.00593EPSS
Exploits1References1Affected Software1
Total number of security vulnerabilities5000