twseptian's website

WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

October 1, 2021 less than 1 minute read

Description The plugin does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform...

WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

October 1, 2021 less than 1 minute read

Description The plugin does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to perform Cross-Site...

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code

October 1, 2021 less than 1 minute read

Description The plugin does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered...

twseptian

Recent posts

WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)

WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting

WP Courses LMS < 2.0.44 - Authenticated Stored XSS via Video Embed Code