- IISv5 has a "Hit-highlighting" functionality that opens some site object and highlights some part of it, that has had a transversal vulnerability in the past. Now it can be used to bypass the IIS authentication.
Protect the files from the NTFS filesystem instead of relying on the
Microsoft recommends not to use IISv5 and update to IISv6.
- WordPress Plugin WooCommerce Currency Switcher Cross-Site Scripting (18.104.22.168)
- WordPress Plugin Visitor Maps and Who's Online Cross-Site Scripting (22.214.171.124)
- WordPress Plugin Bookly #1 WordPress Booking Plugin (Lite Version) Cross-Site Scripting (14.4)
- WordPress Plugin Email Encoder Bundle-Protect Email Address Multiple Cross-Site Scripting Vulnerabilities (1.4.3)
- WordPress Plugin The Events Calendar Open Redirect (4.1.1)