Vulnerabilities for 'Wp page builder'
2021-04-05
CVE-2021-24208
CWE-79
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the "Raw HTML" widget and the "Custom HTML" widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the "page_builder_data" parameter when performing the "wppb_page_save" AJAX action. It is also possible to insert malicious JavaScript via the "wppb_page_css" parameter (this can be done by closing out the style tag and opening a script tag) when performing the "wppb_page_save" AJAX action.
CVE-2021-24207
CWE-863
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
Vendor: Themeum
4 Products
Tutor lms
Wp page builder
Qubely
Wp crowdfunding
Copyright 2024, cxsecurity.com