XSS / HTML injection vulnerability in WordPress Plugin Check (PCP) plugin.
The WordPress Plugin Check (PCP) plugin version 1.3.0 and below is prone to XSS/HTML injection.
The Ninja Technologies Network
The WordPress Plugin Check (PCP) plugin version 1.3.0 and below is prone to XSS/HTML injection.
With a proof of concept and a video, we explain in this post how hackers exploit XSS vulnerabilities in order to create administrator accounts on your blog.
The Visual Composer plugin for WordPress (80,000+ active installations) fixed multiple stored XSS vulnerabilities affecting version 26.0 and below.
Elementor Page Builder (4+ million installations), was prone to a broken access control vulnerability affecting version 2.9.7 and below that could lead to stored XSS vulnerability via SVG image upload.
The WordPress WP GDPR plugin, which has 6,000+ active installations, is prone to multiple unpatched critical vulnerabilities.