
rsvp Plugin up to 2.3.7 on WordPress attendee-list Screen note Persistent cross site scripting


Exploits | Direct link: vuldb.com

A vulnerability classified as problematic has been found in rsvp Plugin up to 2.3.7 on WordPress (WordPress Plugin). This affects some unknown processing of the component attendee-list Screen. Upgrading to version 2.3.8 eliminates this vulnerability....


https://vuldb.com/?id.140517


➤ More posts from Team Security | IT Security

  • Ensure latest comments can only be viewed from public posts

    Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Add a new filter to extend set-screen-option

    Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Prevent HTML decoding by setting the proper editor context

    XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Ensure that wp_validate_redirect() sanitizes a wider variety of characters

    Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Update `wp_kses_bad_protocol()` to recognize `:` on URI attributes

    The update makes sure that URI attributes don’t contain invalid or disallowed protocols. While this works fine in most cases, there’s a risk that by using the colon HTML5 named entity, one is able to bypass this function. This vulnerabi
  • Authenticated XSS issue via theme uploads

    Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2
  • Issues related to referrer validation in the admin

    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • A way to create a stored XSS to inject JavaScript into style tags

    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryable content types

    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated

    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Escape file name for wp_ajax_upload_attachment to prevent XSS

    Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering

    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
