Canvas
Monthly
Stored Cross-Site Scripting in the Canvas plugin for WordPress (versions ≤ 2.5.2) allows an authenticated attacker holding contributor-level access or above to inject persistent JavaScript via the unsanitized 'tag' parameter in the block-section-heading Gutenberg block. The payload is stored in the database and executes in the browser of any user who subsequently loads the compromised page, enabling session hijacking, credential theft, or malicious redirects at scale. No active exploitation is confirmed (not listed in CISA KEV), but the low privilege bar makes this a realistic threat on multi-author WordPress installations; a fix is available in version 2.5.3.
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Stored Cross-Site Scripting in the Canvas plugin for WordPress (versions ≤ 2.5.2) allows an authenticated attacker holding contributor-level access or above to inject persistent JavaScript via the unsanitized 'tag' parameter in the block-section-heading Gutenberg block. The payload is stored in the database and executes in the browser of any user who subsequently loads the compromised page, enabling session hijacking, credential theft, or malicious redirects at scale. No active exploitation is confirmed (not listed in CISA KEV), but the low privilege bar makes this a realistic threat on multi-author WordPress installations; a fix is available in version 2.5.3.
A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Posts > Add New" action, and during creation of new tags and users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.