2 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

17 Jan 2022 — The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin El plugin Form Store to DB de WordPress versiones anteriores a 1.1.1, no sanea ni escapa las claves de los parámetros antes de devolverlos a la entrada creada, permitiendo a un atacante no autenticado llevar a cabo ataques de tipo Cross-Site Scripting contra el administrador • https://plugins.trac.wordpress.org/changeset/2657583 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 93EXPL: 2

13 Oct 2021 — Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to avoid any confusion Numerosos plugins y temas del proveedor de AccessPress Themes (también se conoce como Access Keys) han sido perjudicados debido a que su sitio web ha sido comprometido. Sólo están afectados los... • https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes • CWE-912: Hidden Functionality •