CVE-2020-9003 – Modula Image Gallery <= 2.2.4 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-9003
A stored XSS vulnerability exists in the Modula Image Gallery plugin before 2.2.5 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. Se presenta una vulnerabilidad de tipo XSS almacenado en el plugin Modula Image Gallery versiones anteriores a 2.2.5 para WordPress. Una explotación con éxito de esta vulnerabilidad permitiría a un usuario poco privilegiado autenticado inyectar código JavaScript arbitrario que es visualizado por otros usuarios. • https://fortiguard.com/zeroday/FG-VD-20-041 https://github.com/MachoThemes/modula-lite/blob/master/changelog.txt https://wordpress.org/plugins/modula-best-grid-gallery https://wpvulndb.com/vulnerabilities/10077 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-8549 – Strong Testimonials <= 2.40.0 - Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-8549
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens. Una vulnerabilidad de tipo XSS almacenado en el plugin Strong Testimonials versiones anteriores a 2.40.1 para WordPress, puede resultar en que un atacante lleve a cabo acciones maliciosas como robar tokens de sesión. WordPress Strong Testimonials plugin version 2.40.1 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/156369/WordPress-Strong-Testimonials-2.40.1-Cross-Site-Scripting.html https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt https://wpvulndb.com/vulnerabilities/10056 https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-strong-testimonials-plugin https://www.jinsonvarghese.com/stored-xss-vulnerability-in-strong-testimonials-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •