
Reality | Estate Multipurpose WordPress Theme v2.5.1 Reflected XSS


Exploits from | Direct link: cxsecurity.com

/wp-content/themes/reality/...




https://cxsecurity.com/issue/WLB-2020010128


➤ More posts from Team Security | IT Sicherheit

  • Ensure latest comments can only be viewed from public posts
    Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Prevent HTML decoding on by setting the proper editor context
    XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Add a new filter to extend set-screen-option
    Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Ensure that wp_validate_redirect() sanitizes a wider variety of characters
    Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Authenticated XSS issue via theme uploads
    Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2
  • Update `wp_kses_bad_protocol()` to recognize `:` on uri attributes
    Update makes sure to validate that uri attributes don't contain invalid or not allowed protocols. While this works fine in most cases, there's a risk that by using the colon HTML5 named entity, one is able to bypass this function. This vulnerabi
  • A way to create a stored XSS to inject Javascript into style tags
    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Issues related to referrer validation in the admin
    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryable content types
    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated
    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Escape file name for wp_ajax_upload_attachment to prevent XSS
    Also set the default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering
    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
