CVE-2022-29424 – WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-29424
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 for WordPress. Please note that this is separate from CVE-2021-25031.
• https://patchstack.com/database/vulnerability/image-hover-effects-ultimate/wordpress-image-hover-effects-ultimate-plugin-9-7-1-authenticated-reflected-cross-site-scripting-xss-vulnerability
• https://wordpress.org/plugins/image-hover-effects-ultimate/#developers
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-25031 – Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25031
The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue.
• https://plugins.trac.wordpress.org/changeset/2648086
• https://wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')