
gregs-high-performance-seo Plugin up to 1.6.1 on WordPress cross site scripting


Exploits | Direct link: vuldb.com

A vulnerability was found in gregs-high-performance-seo Plugin up to 1.6.1 on WordPress (WordPress Plugin). It has been declared as problematic. This vulnerability affects an unknown functionality. Upgrading to version 1.6.2 eliminates this vulnerability....
https://vuldb.com/?id.140344


More posts from Team Security | IT Security

Cast user_id to int to prevent XSS

Introducing type casting to avoid XSS. This vulnerability affects the following application versions: Yoast SEO 1.6.2 Yoast SEO 1.6.3 Yoast SEO 1.7 Yoast SEO 1.7.1

Add escaping to different admin sections to prevent XSS

Various admin sections were not properly sanitized against XSS. This vulnerability affects the following application versions: Yoast SEO 1.5.5 Yoast SEO 1.5.5.1 Yoast SEO 1.5.5.2

Add sanitation to Input variables in the bulk editor and ajax module to prevent XSS

Input variables in the bulk editor and ajax module were vulnerable to XSS. This vulnerability affects the following application versions: Yoast SEO 1.5.5 Yoast SEO 1.5.5.1 Yoast SEO 1.5.5.2

Added escaping to metabox text field to prevent XSS

Certain inputs were not properly escaped against an XSS attack. This vulnerability affects the following application versions: Yoast SEO 2.0 Yoast SEO 2.0.1 Yoast SEO 2.1 Yoas

Adding key sanitation for attributes to prevent XSS

Attributes were not properly sanitized as keys to prevent XSS. This vulnerability affects the following application versions: Yoast SEO 3.2 Yoast SEO 3.2.1 Yoast SEO 3.2.2 Yoast SEO 3.

Sitemap sanitation added to avoid XSS

The sitemap request server was not properly sanitized against XSS. This vulnerability affects the following application versions: Yoast SEO 2.2 Yoast SEO 2.2.1 Yoast SEO 2.3 Yoast SEO

Escaping promo extension message to prevent XSS

The promo extension messages were not properly escaped which could result in an XSS attack. This vulnerability affects the following application versions: Yoast SEO 2.3 Yoast SEO 2.3.1 Yoast SEO 2.3.2

Ensure latest comments can only be viewed from public posts

Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Add a new filter to extend set-screen-option

Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7

Prevent HTML decoding on by setting the proper editor context

XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor

Ensure that wp_validate_redirect() sanitizes a wider variety of characters

Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1

Added escaping to admin views to avoid XSS

A range of elements were not properly escaped against a possible XSS attack. This vulnerability affects the following application versions: Yoast SEO 3.2 Yoast SEO 3.2.1 Yoast SEO 3.2.2
