Plugin Planet

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24408 1Plugin Planet 1Prismatic Nov 21, 2024 Jul 12, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor w...Show more The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.Show less
CVE-2016-11001 1Plugin Planet 1User Submitted Posts Nov 21, 2024 Sep 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2021-24408

1Plugin Planet

1Prismatic

Nov 21, 2024

Jul 12, 2021

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS trigger able in the frontend, however, higher privilege users, such as editor could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.Show less

CVE-2016-11001

1Plugin Planet

1User Submitted Posts

Nov 21, 2024

Sep 20, 2019

N/A· v4

6.1 MEDIUM· v3

4.3 MEDIUM· v2

The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field.

Previous 12