Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.

Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.

Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.

Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.

Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.

Yandex Browser before 20.8.4 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite before 20.10.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.

Kirtikumar Anandrao Ramchandani

Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.

Kirtikumar Anandrao Ramchandani

Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.

Kirtikumar Anandrao Ramchandani

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.5.0.826.

An elevation of privilege vulnerability exists in Yandex Browser prior to 21.9.0.390.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.801.

An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.684.

CVE-2022-28226: Яндекс Охота в Браузере

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress.

 Verified

 Fixed

**5.4**

CVSS 3.1 score Medium severity

Monitoring Coming soon

PSID 

680aa33be28a

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires contributor or higher role user authentication.

Publicly disclosed

2022-06-14

**Details**

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress XO Slider plugin (versions <= 3.3.2).

**Solution**

Update the WordPress XO Slider plugin to the latest available version (at least 3.3.3).

**References**

CVE-2022-32280: WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.

**Vulnerability file:**

/main.js

let machine\_edit\_component \= Vue.component('Machine\_edit\_component',{
    template:\`
        <div class="container">
            <div id="machine-edit">
                <h2>✍ 正在编辑-{{machineDetail.name}} <span @click="goBack">🔙 返回</span><span @click="goDelete">🗑️ 删除</span></h2>
                <br/>
                <h3>基本信息</h3>
                <br/>
                <div class="form-input-material">
                    <input
                        class="form-control-material"
                        type="text"
                        name="name"
                        id="name"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.name"
                    />
                    <label for="name">小鸡名</label>
                </div>    
                <br/><br/>
                <div class="form-input-material">    
                    <input
                        class="form-control-material"
                        type="text"
                        name="fee"
                        id="fee"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.fee"
                    />
                    <label for="fee">每月费用</label>
                </div>  
                <br/><br/>  
                <div class="form-input-material">      
                    <input
                        class="form-control-material"
                        type="text"
                        name="host"
                        id="host"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.HOST"
                    />
                    <label for="host">主机商</label>
                </div>   
                <br/><br/> 
                <div class="form-input-material">      
                    <input
                        class="form-control-material"
                        type="text"
                        name="location"
                        id="location"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.location"
                    />
                    <label for="location">位置</label>
                </div>    
                <br/><br/>
                <div class="form-input-material">       
                    <input
                        class="form-control-material"
                        type="text"
                        name="ip"
                        id="ip"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.ip"
                    />
                    <label for="ip">IP</label>
                </div>    
                <br/><br/>
                <div class="form-input-material">       
                    <input
                        class="form-control-material"
                        type="text"
                        name="panel"
                        id="panel"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.panel"
                    />
                    <label for="panel">面板地址</label>
                </div>    
                <br/>
                <br/>
                <div class="form-input-material">       
                    <input
                        class="form-control-material"
                        type="text"
                        name="deadline"
                        id="deadline"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.deadline"
                    />
                    <label for="deadline">过期日期(yyyy-mm-dd)</label>
                </div> 
                <br/>
                <br/>
                <div class="form-input-material">       
                    <input
                        class="form-control-material"
                        type="text"
                        name="cycle"
                        id="cycle"
                        placeholder=" "
                        autocomplete="off"
                        v-model="machineDetail.cycle"
                    />
                    <label for="cycle">付款周期(天)</label>
                </div>
                <br/>
                <h3>自动续费开关</h3>
                    <div class="form-check">
                        <input type="radio" class="form-check-input bounce" id="auto-true" value="1" v-model="machineDetail.auto"/>
                        <label class="form-check-label" for="auto">自动续费</label>
                    </div>
                    <div class="form-check">
                        <input type="radio" class="form-check-input bounce" id="auto-false" value="0" v-model="machineDetail.auto"/>
                        <label class="form-check-label" for="auto">算了</label>
                    </div>
                <h3>加入收藏</h3>
                    <div class="form-check">
                        <input type="radio"  class="form-check-input bounce" value="1" v-model="machineDetail.liked"/>
                        <label class="form-check-label" for="liked">这必须收藏</label>
                    </div>
                    <div class="form-check">
                        <input type="radio" class="form-check-input bounce" value="0" v-model="machineDetail.liked"/>
                        <label class="form-check-label" for="liked">算了</label>
                    </div>
                    <br/>
                    <h3>备注</h3>
                    <textarea name="info" id="" cols="30" rows="10" v-model="machineDetail.info"></textarea>
                    <br><br>
                <button class="btn btn-primary" @click="update">保存</button>
                </div>
            </div>
        </div>
    \`,
    data:function (){
        return {
            machineDetail : \[\],
            logged: false
        }
    },
    methods:{
        getDetail: function(){
            let url \= window.location.href.replace(window.location.hash,'');
            axios.get(url + 'X/index.php?action=getMachineDetail&id=' + this.$route.params.id)
                .then((response)\=>{
                    this.machineDetail \= response.data\[0\]
               })
        },
        goBack: function(){
            this.$router.go(\-1)
        },
        goDelete: function(){
            this.$router.push({path:'/machine/'+this.$route.params.id+'/delete'})
        },
        update: function(){
            if(this.machineDetail\['name'\] !== '' && this.machineDetail\['liked'\] !== '' && this.machineDetail\['deadline'\] !== '' && this.machineDetail\['location'\] !== '' && this.machineDetail\['fee'\] !== '' && this.machineDetail\['cycle'\] !== '' && this.machineDetail\['auto'\] !== '' && this.machineDetail\['panel'\] !== ''  && this.machineDetail\['info'\] !== '' && this.machineDetail\['HOST'\] !== '' && this.machineDetail\['ip'\] !== ''){
                let url \= window.location.href.replace(window.location.hash,'');
                axios.get(url + 'X/index.php?action=updateMachineDetail&id='+this.$route.params.id + '&name='+this.machineDetail\['name'\]+'&liked='+this.machineDetail\['liked'\]+'&deadline='+this.machineDetail\['deadline'\]+'&location='+this.machineDetail\['location'\]+'&fee='+this.machineDetail\['fee'\]+'&cycle='+this.machineDetail\['cycle'\]+'&auto='+this.machineDetail\['auto'\]+'&panel='+this.machineDetail\['panel'\]+'&info='+this.machineDetail\['info'\]+'&HOST='+this.machineDetail\['HOST'\]+'&ip='+this.machineDetail\['ip'\])
                    .then((response)\=>{
                        if(response.data \=== 1){
                            alert("编辑成功")
                            this.$router.go(\-1)
                        }
                    })
            }else{
                alert('有什么东西没填完？');
            }
        }
    },
    mounted(){
        this.logged \= Cookies.get('UserStatus')
        if (this.logged !== 'true') {
            this.$router.push({path: '/u'})
        }
        this.getDetail();
    }
})

In the main.js file, the machineDetail parameter and the machineDetail parameter under the machineDetail.info method are controllable, and the machineDetail parameter is not strictly filtered, causing XSS injection vulnerabilities!

POC

    /X/index.php?action=updateMachineDetail&id=1&name=测试机&liked=1&deadline=2020-12-10&location=深圳&fee=10&cycle=30&auto=0&panel=baidu.com&info=<img src="x" onerror="alert(1);">&HOST=阿里云&ip=1.1.1.1

CVE-2021-41415: Subscription-Manager v1.0 /main.js hava a XSS Vulnerability · Issue #2 · youranreus/Subscription-Manager

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

CVE-2022-24127: REDCap Change Log - Eastern Virginia Medical School (EVMS), Norfolk, Hampton Roads

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.

*   Details
*   Reviews
*   Installation
*   Support
*   Development

**Welcome to Hotel Booking WP plugin**

This plugin is an useful system to manage all your booking.

1.  Install and activate the plugin.

This plugin works fine as he promised, but have the worst html I've ever seen. All classes have a generic name, css customizations are impossible.

Sorry to say but html outputs from this plugin have the worst code quality I've ever seen. Everything have same class, no way to select specific element to apply custom css. If they want to apply 10px height, they have a class for that. Background white, another class for that and bla bla bla. This is the way this plugin shows button: <a style="border:2px solid #78635a; color:#78635a;" href=".." class="nd\_booking\_padding\_15\_30\_important nd\_options\_second\_font\_important nd\_booking\_border\_radius\_0\_important nd\_booking\_background\_color\_transparent\_important nd\_booking\_cursor\_pointer nd\_booking\_display\_inline\_block nd\_booking\_font\_size\_11 nd\_booking\_font\_weight\_bold nd\_booking\_letter\_spacing\_2" target="\_self">BOOK NOW FROM 25 $</a> Every element have same classes but not a single unique class to identify what the element is. This makes it impossible to customize elements

Excellent, but missing possibility to set up accommodation for children. For example: Room for two adults + one child (free).

a good plugin with great potential

Easy to use plugin, very good / luxury looking , you can see it there \[ link redacted \] Unfortunately it doesn't suit my particular needs so i had to uninstall it. Thank for your job.

Read all 6 reviews

“Hotel Booking” is open source software. The following people have contributed to this plugin.

Contributors

*    nicdark

**3.3**

*   improved sanitation on POST requests

**3.2**

*   Improved plugin security ( added realpath(), Data Sanitization/Escaping variables )
*   Added wpdb::prepare() function on db query

**3.1**

*   added layout 2 on room post grid ( elementor )
*   added images size option on room post grid ( elementor )
*   fixed math.round night number in single room
*   fixed maj text on calendar

**3.0**

*   elementor compatibility 3.6

**2.9**

*   added order elementor component
*   added steps elementor component
*   added static shortcode room
*   added static shortcode branch

**2.8**

*   added 3rd color in plugin colors
*   added themes label in admin plugin options
*   created mtbs woo on integration room options for link the room to woo product
*   added nd\_booking\_qnt\_room\_bookable() function for add availability alert on search page room preview
*   added mandatory additional service ( example : cleaning fee )
*   added elementor search and rooms post grid component
*   added ical download reservations

**2.7**

*   added alert messages addons
*   added info price icon addons on room preview in the search page
*   added branch selector addons in the search page

**2.6**

*   updated metabox function for save all datas in db ( deleted all empty meta datas )
*   changed exceptions date format
*   changed single room layout

**2.5**

*   added nonce on ajax calls

**2.4.2**

*   sanitize POST and REQUEST calls
*   added wp\_remote\_get() function for external requests ( stripe,paypal )

**2.4.1**

*   sanitize, validate, and escape all datas on POST and GET requests
*   improved plugins\_url()
*   added nonce on ajax calls
*   removed import/export feature

**2.4**

*   added some IDs on elements

**2.3.9**

*   added compatibility with latest wp version

**2.3.8**

*   added the possibility to change the slug for custom post type 1
*   improved the export option feature

**2.3.7**

*   changed some 404 static link

**2.3.6**

*   fixed post\_id null variable on paypal payment

**2.3.5**

*   add new layout 5 on rooms component
*   add new layout 2 on search component
*   added new classes on style.css
*   implemented ajax services filter on search results shortcode
*   updated .pot file

**2.3.4**

*   added the possibility to blog the reservation on certain days
*   added minimum booking days option

**2.3.3**

*   updated languages .pot file
*   added Stripe payment methods addon
*   added VAT and City TAX management
*   added the possibility to add orders via admin panel

**2.3.2**

*   updated languages .pot file
*   added the possibility to link translated room with its default room when using WPML
*   fixed date format when user book a room in the current day

**2.3.1**

*   fixed special characters in order notification emails
*   added wp\_mail() function to send email notifications

**2.3.0**

*   show all rooms in calendar view dashboard feature
*   added new translations strings on email template
*   added new translations strings on thank you and order page
*   fixed week price problem on single room page
*   extended the custom link feature for single room page

**2.2.9**

*   direct booking access from the single room page

**2.2.8**

*   updated .pot language file
*   updated date picker language with date\_i18n function
*   added register and login alert on booking step

**2.2.7**

*   added calendar view for better orders management

**2.2.6**

*   added coupon management
*   added price guests options on plugin settings

**2.2.5**

*   added new quantity options on room settings metabox

**2.2.4**

*   added the possibility to set in plugin settings the price range values on the search archive page.

**2.2.3**

*   added translations for date picker
*   added action parameter on search visual composer component for WPML integration
*   updated nd-booking.pot file with new translations

**2.2.2**

*   added email notification templates
*   solved integer night number on search shortcode

**2.2.1**

*   update nd\_booking\_get\_room\_link() function

**2.2**

*   improve external booking integration implementation

**2.1**

*   added layout-2 for steps and orders components ( for better color management )
*   added ID in some elements
*   added some new css rules

**2.0**

*   create new cpt
*   create new metabox

**1.0**

*   Initial version

CVE-2022-29443: Hotel Booking

A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.

Nmap Announce Nmap Dev Full Disclosure Security Lists Internet Issues Open Source Dev

**Full Disclosure mailing list archives**

_From_: David Wearing <wearing () google com>  
_Date_: Thu, 16 Mar 2017 16:47:27 +1100  

Introduction

============

Vulnerabilities were identified in the camera software by Axis.  These were
discovered during a black box assessment and therefore the vulnerability
list should not be considered exhaustive; observations suggest that it is
likely that further vulnerabilities exist.

Affected Software And Versions

==============================


Model P1204, software versions <= 5.50.4

Model P3225, software versions <= 6.30.1

Model P3367, software versions <= 6.10.1.2

Model M3045, software versions <= 6.15.4.1

Model M3005, software versions <= 5.50.5.7

Model M3007, software versions <= 6.30.1.1

CVE

===

No CVEs have been assigned to these vulnerabilities.


Vulnerability Overview

======================

1. Axis01: No cross-site request forgery protections

2. Axis02: Bypass manual checks for XSS

3. Axis03: Web services run as root

4. Axis04: Script editor function allows for arbitrary write as root on
successful CSRF attack

5. Axis05: root setuid .CGI scripts and binaries present

6. Axis06: Inability to disable the http interface

Vulnerability Details

=====================

---------------------------------------------

1. Axis01: No cross-site request forgery protections

---------------------------------------------

Axis software does not have any cross-site request forgery protection
within the management interface. Axis provide guidance on risk mitigation
for CSRF only.

https://www.axis.com/files/faq/Advisory\_Cross-Site\_Request\_Forgery.pdf

--------------------------------------------------

2. Axis02: Bypass manual checks for XSS

--------------------------------------------------

Axis software on the camera has client-side JavaScript to try and remove
XSS payloads. No server-side security checks are present. Viewers or lower
privileged users of cameras exposed to the internet or corporate networks
may be able to store persistent XSS payloads.

Example of code in language\_incl.js used to detect and remove malicious
javaScript shown below:

if( data.toLowerCase().indexOf(\\"<script\\") != -1 ||
data.toLowerCase().indexOf(\\"</script\\") != -1 )


-----------------------------------------------

3. Axis03: Web service runs as root

-----------------------------------------------

The versions of Axis software tested have a BOA server (boa) running as
root. BOA is an ancient web server and no longer maintained since approx.
2005. Fuzzing of the process using off-the-shelf fuzzers result in crashes
that have not yet been investigated further.

Axis software versions >5.70 have replaced BOA with Apache.


-----------------------------------------------

4. Axis04: Script editor function allows for arbitrary write as root on
successful CSRF attack

-----------------------------------------------

A script editor function “/admin-bin/editcgi.cgi” can be used to write as
root to the device, due to Axis01 lack of CSRF protection, this can be
exploited to write over /etc/shadow and obtain root access to the device,
as well as backdoor the device.

Proof of concept to overwrite /etc/shadow file:

<body>
<form action="https://<ip-of-axis-camera|hostname>/admin-bin/editcgi.cgi?file=/etc/shadow"
method="POST" >
<input type="hidden" name="save&#95;file" value="&#47;etc&#47;shadow" />
<input type="hidden" name="mode" value="0100600" />
<input type="hidden" name="convert&#95;crlf&#95;to&#95;lf" value="on" />
<input type="hidden" name="content" value="#####INPUT HTML ENCODED SHADOW
HERE##### " />
<input type="submit" value="Submit request" />
</form>
</body>

-----------------------------------------------

5. Axis05: root setuid .CGI scripts and binaries present

-----------------------------------------------

Multiple root setuid .CGI scripts and binaries are present. The CGI scripts
manage web session temp files,group memberships and functionality of the
camera. Exploitable vulnerabilities in any will provide root access to the
camera.

E.g /axis-cgi/admin/param.cgi & /axis-cgi/admin/pwdgrp.cgi which allows for
changing user and group passwords.

-----------------------------------------------

6. Axis06: Inability to disable the HTTP interface

-----------------------------------------------

No option existed in Axis software to disable the HTTP interface. The web
server will always listen on all network interfaces of the camera, which
makes these cameras trivial to find on the internet e.g. using Shodan.

E.g port 80 is listening and /httpDisabled.shtml is always accessible.

Axis advise to move the web server listening port to another port.

Mitigation

==========

Axis released zero advisories related to the issues reported here.

Axis recommends following their hardening guide available on:
https://www.axis.com/mu/en/support/product-security

For the vulnerabilities related to Axis02, Axis03 and Axis06 Axis has
recommended to upgrade Axis software to versions >5.70 or use the new Axis
platform with >7.10 versions. Versions other than those listed here have
not been tested to confirm these vulnerabilities have been fixed.

Author

======

The vulnerabilities were discovered by David Wearing from Google Security
Team.

Timeline

========

2016/11/24 - Security report sent to Axis with 90 day disclosure deadline
(2017/02/24).

2016/12/02 - Axis acknowledges report and starts working on the issues.

2016/12/06 - Pinged for patch ETA.

2016/12/09 - Pinged for patch ETA.

2017/01/11 - Pinged for patch ETA.

2017/01/12 - Response from Axis Security listing multiple issues as having
been fixed in the new firmware versions. Redesign of CGI scripts to be
interfaces confirmed.

2017/01/25 - Send query regarding the lack of CSRF protections and if
changes to handling of XSS was to occur.

2017/02/28 - Request to Axis on any advice or mitigations they want to
include in the post.

2017/03/02 - Pinged Axis.

2017/03/02 - Response from Axis including advice on mitigation of CSRF.

2017/03/05 - Review of mitigations provided to Axis

2017/03/10 - Discussions with Axis on post.

2017/03/15 - Public disclosure.

\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

**Current thread:**

*   **Axis Camera Multiple Vulnerabilities** _David Wearing (Mar 16)_

CVE-2017-20050: Full Disclosure: Axis Camera Multiple Vulnerabilities

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress.

 Not fixed

**5.4**

CVSS 3.1 score Medium severity

Monitoring Coming soon

Software

Promotion Slider

Vulnerable versions

<= 3.3.4

PSID 

8b23bfdb3722

Classification 

Cross Site Scripting (XSS)

OWASP Top 10 

A7: Cross-Site Scripting (XSS)

Required privilege 

Requires contributor or higher role user authentication.

Publicly disclosed

2022-05-26

**Details**

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities were discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Promotion Slider plugin (versions <= 3.3.4).

**Solution**

Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

**References**

CVE-2022-29440 Plugin page

CVE-2022-29440: WordPress Promotion Slider plugin <= 3.3.4 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities - Patchstack

Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

Wasn't getting email notifications when a message was sent to inbox. Found in send-page.php (plugins/pm4wp/inc/send-page.php) the following code... $recipient\_email = $wpdb->get\_var( "SELECT user\_email from $wpdb->users WHERE display\_name = '$rec'" ); ...on line 120 needed to be changed with... $recipient\_email = $wpdb->get\_var( "SELECT user\_email from $wpdb->users WHERE user\_login = '$rec'" ); ...as it was trying to pull with username, not display name. Hope this helps anyone running into the same issue.

Read all 11 reviews

“Private Messages For WordPress” is open source software. The following people have contributed to this plugin.

Contributors

*    Anh Tran

CVE-2022-29442: Private Messages For WordPress

There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.

Directly "echo" the GET parameters in multiple template files, so that the filtering in the system is ineffective, resulting in XSS vulnerabilities.  
phpcms/modules/admin/templates/ip\_search\_list.tpl.php  

payload：  
http://host-web/index.php?m=admin&c=ipbanned&a=search\_ip&search\[ip\]=11111%%27&dosubmit=%E6%90%9C%E7%B4%A2&pc\_hash=iOuPFL&menuid=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E  

Many template files in the project code have this problem.

phpcms/modules/admin/templates/log\_list.tpl.php  
phpcms/modules/admin/templates/setting.tpl.php  
and many more  
  

It is recommended to add a way to pass parameters to the template file instead of directly obtaining these parameters such as GET or POST.

CVE-2021-40910: Multiple reflective XSS vulnerabilities on the management side · Issue #I493K8 · Snow/phpcms - Gitee.com

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress.

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

This plugin provides 1 block.

*   Slider

Not possible to use youtube video

Its Very Easy – and super classy – got it on my first try – was able to adjust it exactly the way i wanted it . . I HIGHLY Recommend.

This is basically all i needed for my website.Thanks lot!

awesome support and functional plugin!

I use this plugin literally on all of my WP websites

This is one of the plugins I install for my client's websites as it is not complicated even for beginners.

Read all 9 reviews

“Image Slider by NextCode – Photo & Video SLider” is open source software. The following people have contributed to this plugin.

Contributors

*    NextCode

Tag

#xss