प्लगइन का नाम	SEO के लिए वाक्य (कीवर्ड, विवरण और टैग)
कमजोरियों का प्रकार	क्रॉस-साइट स्क्रिप्टिंग (XSS)
CVE संख्या	CVE-2026-4142
तात्कालिकता	कम
CVE प्रकाशन तिथि	2026-04-22
स्रोत URL	CVE-2026-4142

वाक्य को SEO में प्रमाणित प्रशासक द्वारा संग्रहीत XSS (≤ 1.0) — वर्डप्रेस साइट के मालिकों को अब क्या करना चाहिए

लेखक: हांगकांग सुरक्षा विशेषज्ञ

तारीख: 2026-04-21

सारांश: एक संग्रहीत क्रॉस-साइट स्क्रिप्टिंग (XSS) सुरक्षा दोष (CVE-2026-4142) “Sentence To SEO (keywords, description and tags)” वर्डप्रेस प्लगइन में रिपोर्ट किया गया है - जो संस्करण ≤ 1.0 को प्रभावित करता है। यह दोष एक प्रमाणित प्रशासक को HTML/JavaScript इंजेक्ट करने की अनुमति देता है जो संग्रहीत होता है और बाद में निष्पादित होता है। जबकि CVSS अपेक्षाकृत कम है (4.4), एक प्रशासक संदर्भ में संग्रहीत XSS हमलावरों के लिए एक शक्तिशाली कदम हो सकता है यदि एक प्रशासक खाता समझौता या दुरुपयोग किया जाता है। यह पोस्ट जोखिम, पहचान, नियंत्रण, और व्यावहारिक शमन कदमों को समझाती है जो आपको अभी उठाने चाहिए।.

क्या हुआ (संक्षेप में)

सुरक्षा शोधकर्ताओं ने वर्डप्रेस के लिए वाक्य को SEO (कीवर्ड, विवरण और टैग) प्लगइन में एक संग्रहीत क्रॉस-साइट स्क्रिप्टिंग (XSS) भेद्यता का खुलासा किया, जिसे CVE-2026-4142 के रूप में ट्रैक किया गया। यह समस्या संस्करण 1.0 तक और उसमें मौजूद है। यह एक प्रमाणित उपयोगकर्ता को प्रशासक विशेषाधिकार के साथ प्लगइन-प्रबंधित फ़ील्ड में तैयार की गई सामग्री (HTML/JS) को सहेजने की अनुमति देता है। वह सामग्री बाद में उचित एस्केपिंग के बिना प्रस्तुत की जाती है, जिससे प्रभावित प्रशासक या फ्रंटेंड पृष्ठ को देखने वाले उपयोगकर्ताओं के संदर्भ में स्क्रिप्ट निष्पादित होती हैं।.

भेद्यता का तकनीकी सारांश

भेद्यता प्रकार: संग्रहीत क्रॉस-साइट स्क्रिप्टिंग (Stored-XSS)।.
प्रभावित सॉफ़्टवेयर: वाक्य को SEO (कीवर्ड, विवरण और टैग) वर्डप्रेस प्लगइन।.
कमजोर संस्करण: ≤ 1.0।.
15. प्रभाव: गोपनीयता उल्लंघन — वेब सर्वर पर फ़ाइलें पढ़ी और डाउनलोड की जा सकती हैं।.
CVE: CVE-2026-4142।.
प्रभाव: प्रशासनिक या संभवतः सार्वजनिक संदर्भों में स्क्रिप्ट निष्पादन जो हमलों को बढ़ाने के लिए उपयोग किया जा सकता है (सत्र चोरी, CSRF, प्रशासक संचालन, बैकडोर स्थापना), इस पर निर्भर करता है कि पैकेज कहाँ निष्पादित होता है।.
मूल कारण: प्लगइन मेटाडेटा, कीवर्ड, या टैग के लिए प्रशासक इनपुट स्वीकार करता है और इसे उचित सफाई/एस्केपिंग के बिना बाद में आउटपुट करता है (wp_kses, esc_html/esc_attr, आदि की कमी)।.

नोट: यह कमजोरियां प्रमाणित हैं (एक व्यवस्थापक उपयोगकर्ता की आवश्यकता होती है) और संग्रहीत हैं (पेलोड डेटाबेस में बने रहते हैं)। हालांकि प्रारंभिक जोखिम वेक्टर किसी ऐसे व्यक्ति तक सीमित है जिसके पास पहले से व्यवस्थापक क्षमताएं हैं, वास्तविक दुनिया के हमलों में अक्सर फ़िशिंग, चुराए गए पासवर्ड, या खराब आंतरिक नियंत्रणों के माध्यम से व्यवस्थापक क्रेडेंशियल प्राप्त करने के बाद पार्श्व चालें शामिल होती हैं।.

“कम” गंभीरता का मतलब “अनदेखा करें” नहीं है”

एक CVSS 4.4 (या समान) रेटिंग प्रभाव और शोषणीयता का सीमित दृष्टिकोण दर्शाती है। वर्डप्रेस साइटों के लिए:

व्यवस्थापक खाते प्रमुख लक्ष्य होते हैं - एक बार जब एक हमलावर एक व्यवस्थापक खाते को नियंत्रित कर लेता है, तो वे बैकडोर स्थापित कर सकते हैं, नए व्यवस्थापक उपयोगकर्ता बना सकते हैं, या डेटा निर्यात कर सकते हैं।.
व्यवस्थापक यूआई में प्रमाणित संग्रहीत XSS को पूर्ण साइट समझौते में परिवर्तित किया जा सकता है (क्रेडेंशियल्स को निकालना, पीड़ित व्यवस्थापक के ब्राउज़र के माध्यम से क्रियाएं करना, दुर्भावनापूर्ण प्लगइन्स स्थापित करना)।.
कई समझौते क्रेडेंशियल पुन: उपयोग या सामाजिक इंजीनियरिंग से शुरू होते हैं; कमजोरियां जो व्यवस्थापक विशेषाधिकार की आवश्यकता होती हैं, एक बार क्रेडेंशियल प्राप्त होने पर हमलों को बढ़ाने के लिए बाधा को कम करती हैं।.

एक मापी गई प्रतिक्रिया की आवश्यकता है: तुरंत पैच या आभासी पैच करें और पिछले शोषण के लिए ऑडिट करें।.

कौन प्रभावित है और हमले के वेक्टर

प्रभावित पक्ष: कोई भी वर्डप्रेस साइट जो Sentence To SEO प्लगइन संस्करण 1.0 या उससे नीचे चला रही है।.
हमले की पूर्वापेक्षाएँ: एक हमलावर को एक व्यवस्थापक खाता चाहिए, या एक व्यवस्थापक को एक हमलावर-नियंत्रित लिंक पर जाने की क्षमता चाहिए जो व्यवस्थापक संदर्भ में संग्रहीत XSS को ट्रिगर करता है।.
सामान्य हमले के वेक्टर:
- दुर्भावनापूर्ण व्यवस्थापक (आंतरिक खतरा) प्लगइन सेटिंग्स या मेटाडेटा में स्क्रिप्ट जोड़ता है।.
- समझौता किया गया व्यवस्थापक खाता (क्रेडेंशियल पुन: उपयोग / फ़िशिंग) पेलोड को इंजेक्ट करने के लिए उपयोग किया जाता है।.
- संग्रहीत XSS पेलोड तब निष्पादित होता है जब एक व्यवस्थापक या अन्य उपयोगकर्ता प्रभावित स्क्रीन (व्यवस्थापक सेटिंग्स पृष्ठ, पोस्ट संपादक, वर्गीकरण पृष्ठ, या फ्रंटेंड आउटपुट) को देखता है।.

एक हमलावर कैसे प्रशासक संग्रहीत XSS का दुरुपयोग कर सकता है

एक व्यवस्थापक इंटरफ़ेस में संग्रहीत XSS शक्तिशाली है क्योंकि व्यवस्थापकों के लिए ब्राउज़र संदर्भ में अक्सर उच्च विशेषाधिकार और सक्रिय सत्र शामिल होते हैं। दुरुपयोग के उदाहरण:

व्यवस्थापक कुकीज़ या सत्र टोकन चुराना, हमलावर को व्यवस्थापक का अनुकरण करने में सक्षम बनाना।.
प्रशासक के ब्राउज़र का उपयोग करके क्रियाएँ करें (नया प्रशासक उपयोगकर्ता बनाएं, दुर्भावनापूर्ण प्लगइन/थीम स्थापित करें, DNS/सेटिंग्स बदलें)।.
व्यवस्थापक स्क्रीन के माध्यम से सुलभ कॉन्फ़िगरेशन डेटा, API कुंजी, या डेटाबेस सामग्री को निकालना।.
दूसरे चरण के पेलोड वितरित करना जो हमलावर C2 सर्वरों से संपर्क करते हैं, सफाई और पहचान को कठिन बनाते हैं।.

क्योंकि कमजोर क्षेत्र संग्रहीत है, दुर्भावनापूर्ण कोड पुनरारंभों के माध्यम से जीवित रह सकता है और बैकअप और निर्यात में बना रह सकता है - सुधार की जटिलता बढ़ाना।.

तात्कालिक शमन कदम (त्वरित चेकलिस्ट)

यदि आप वर्डप्रेस चलाते हैं और इस प्लगइन को स्थापित किया है, तो तुरंत निम्नलिखित करें:

प्लगइन संस्करण पहचानें:
- WP Admin → Plugins → “Sentence To SEO” खोजें और संस्करण नोट करें।.
यदि आप ≤ 1.0 चला रहे हैं:
- यदि आप इसकी कार्यक्षमता के अस्थायी नुकसान को सहन कर सकते हैं, तो तुरंत प्लगइन को निष्क्रिय करें।.
- यदि आप निष्क्रिय नहीं कर सकते हैं, तो प्रशासनिक इंटरफ़ेस तक पहुँच को सीमित करें (नीचे देखें)।.
सभी व्यवस्थापक पासवर्ड को बदलें और सुनिश्चित करें कि पासवर्ड अद्वितीय हैं / पासवर्ड प्रबंधक का उपयोग करें।.
सभी प्रशासनिक खातों के लिए MFA सक्षम करें।.
प्लगइन एंडपॉइंट्स को लक्षित करने वाले स्पष्ट स्क्रिप्ट पेलोड्स को ब्लॉक करने के लिए वेब/ऐप्लिकेशन पर इनपुट फ़िल्टर लागू करें (WAF या समकक्ष)।.
संदिग्ध स्क्रिप्ट टैग या डेटाबेस और प्लगइन विकल्प प्रविष्टियों में प्रविष्टियों की खोज करें (नीचे दिए गए आदेश)।.</li> <li>विश्वसनीय मैलवेयर स्कैनरों के साथ साइट को स्कैन करें और फ़ाइल की अखंडता की जांच करें।.</li> <li>यदि आपको समझौता होने का संदेह है, तो नीचे दिए गए घटना प्रतिक्रिया प्लेबुक का पालन करें (अलग करें और पुनर्स्थापित करें)।.</li> </ol> <p>यदि कोई आधिकारिक विक्रेता पैच जारी किया गया है, तो तुरंत अपडेट करें। यदि कोई पैच उपलब्ध नहीं है, तो आभासी पैचिंग का उपयोग करना जारी रखें और विक्रेता सुधार तैयार होने तक प्रशासनिक एक्सपोजर को कम करें।.</p> </section> <section id="remediation-plan"> <h2 id="detailed-remediation-and-recovery-plan">विस्तृत सुधार और पुनर्प्राप्ति योजना</h2> <ol> <li><strong>सूची और संस्करण</strong> <ul> <li>सभी वर्डप्रेस साइटों की सूची बनाएं और जांचें कि क्या प्लगइन स्थापित है और कौन सा संस्करण है: <pre><code>wp plugin list --status=सक्रिय --format=तालिका</code></pre> </li> <li>यदि प्लगइन मौजूद है और संस्करण ≤ 1.0 है, तो तुरंत निष्क्रिय करने पर विचार करें।.</li> </ul> </li> <li><strong>बैकअप (एक सुरक्षित प्रति लें)</strong> <ul> <li>किसी भी सुधार से पहले एक पूर्ण बैकअप (डेटाबेस + फ़ाइलें) लें और फोरेंसिक साक्ष्य को संरक्षित करने के लिए ऑफ़लाइन स्टोर करें।.</li> <li>नोट: बैकअप में पहले से ही दुर्भावनापूर्ण पेलोड हो सकते हैं - उन्हें सावधानी से संभालें।.</li> </ul> </li> <li><strong>सीमित करें</strong> <ul> <li>अस्थायी रूप से प्लगइन को निष्क्रिय करें।.</li> <li>यदि निष्क्रिय करने से साइट की कार्यक्षमता टूटती है, तो IP द्वारा /wp-admin पहुँच को सीमित करें या काम करते समय HTTP बेसिक ऑथ को सक्षम करें।.</li> <li>प्लगइन के एंडपॉइंट्स के लिए संदिग्ध स्क्रिप्ट फ़्रैगमेंट्स को शामिल करने वाले POST/PUT सबमिशन को ब्लॉक करने के लिए वेब पर आभासी पैच नियम लागू करें।.</li> </ul> </li> <li><strong>क्रेडेंशियल्स और खाते</strong> <ul> <li>सभी प्रशासकों के लिए पासवर्ड रीसेट करने के लिए मजबूर करें।.</li> <li>अज्ञात व्यवस्थापक खातों को हटा दें।.</li> <li>सभी व्यवस्थापकों के लिए मजबूत पासवर्ड लागू करें और 2FA सक्षम करें।.</li> </ul> </li> <li><strong>डेटाबेस को साफ करें</strong> <ul> <li>विकल्पों, पोस्टमेटा, टर्ममेटा, यूजरमेटा, या प्लगइन-विशिष्ट तालिकाओं में इंजेक्ट किए गए संग्रहीत स्क्रिप्ट टैग खोजें और हटाएं:</li> <li>उदाहरण SQL (सावधानी से उपयोग करें): <pre><code>SELECT option_id, option_name FROM wp_options WHERE option_value LIKE '%<script%'; SELECT post_id, meta_key FROM wp_postmeta WHERE meta_value LIKE '%<script%';</code></pre> </li> <li>Remove known payloads: use wp-cli search-replace with careful regular expressions or export → sanitize → reimport.</li> <li>Prefer targeted cleanup (wp-cli, controlled search/replace) over blind DELETEs.</li> </ul> </li> <li><strong>Scan files & plugins</strong> <ul> <li>Scan the wp-content folder and core files for unknown or modified PHP files.</li> <li>Compare file hashes to a clean WordPress core to detect new/changed files.</li> </ul> </li> <li><strong>Restore or cleanup</strong> <ul> <li>If cleanup is possible and you’re confident, remove the malicious injected code and re-enable the plugin once patched or safe.</li> <li>If the site is heavily compromised, consider restoring from a clean backup created before the compromise date.</li> </ul> </li> <li><strong>Patch and update</strong> <ul> <li>When the plugin author releases a patch, update to the fixed version promptly.</li> <li>Re-scan after patch to ensure no persistence remains.</li> </ul> </li> <li><strong>Follow up</strong> <ul> <li>Audit logs to see how and when the injection occurred.</li> <li>Create a timeline of events and document remediation steps.</li> </ul> </li> </ol> </section> <section id="detect-exploitation"> <h2 id="how-to-detect-past-exploitation-and-find-malicious-payloads">How to detect past exploitation and find malicious payloads</h2> <p>Stored XSS payloads are often simple script tags, event handlers, or encoded HTML. Detection steps:</p> <ul> <li><strong>Database searches</strong> <ul> <li>Search for <code><script</code>, <code>onerror=</code>, <code>onload=</code>, <code>javascript:</code>, <code><iframe</code>, <code>src="data:text/html,</code> in these tables: <ul> <li>wp_options, wp_postmeta, wp_posts (post_content), wp_terms and termmeta, wp_usermeta.</li> </ul> </li> </ul> </li> <li><strong>WP‑CLI useful commands</strong> <ul> <li><code>wp search-replace '<script' '' --skip-columns=guid --dry-run</code></li> <li><code>wp db query "SELECT ID, post_title FROM wp_posts WHERE post_content LIKE '%<script%';"</code></li> </ul> </li> <li><strong>File system scan</strong> <ul> <li>Grep for suspicious PHP functions: <code>base64_decode</code>, <code>gzinflate</code>, <code>eval</code> patterns: <pre><code>grep -R --exclude-dir=wp-includes --exclude-dir=wp-admin -n "base64_decode" .</code></pre> </li> </ul> </li> <li><strong>Webserver access logs and admin action logs</strong> <ul> <li>Look for POST requests to plugin endpoints or options.php edit actions around suspicious timestamps.</li> </ul> </li> <li><strong>Browser console traces and admin page review</strong> <ul> <li>Log into admin and inspect pages related to the plugin settings. If any content changes unexpectedly or you see unusual UI elements, investigate.</li> </ul> </li> </ul> <p>If you discover injected scripts, preserve the evidence, note timestamps, and follow the containment steps above.</p> </section> <section id="hardening"> <h2 id="hardening-and-prevention-wordpress-best-practices">Hardening and prevention (WordPress best practices)</h2> <ul> <li><strong>Principle of least privilege:</strong> Limit the number of admin accounts. Use Editor-level accounts for content editors and separate accounts for site ops.</li> <li><strong>Multi-Factor Authentication:</strong> Enforce MFA for all administrator-level users.</li> <li><strong>Strong password policy:</strong> Use a password manager and enforce unique, long passwords.</li> <li><strong>Reduce admin exposure:</strong> Restrict /wp-admin and /wp-login.php by IP where possible, or present an HTTP basic authentication layer.</li> <li><strong>Regular plugin hygiene:</strong> Remove unused plugins and themes; only install plugins from reputable sources and check reviews, active installs, and last updated date.</li> <li><strong>Regular updates:</strong> Keep WordPress core, themes, and plugins updated. Automate minor and security updates where possible.</li> <li><strong>Harden file and filesystem permissions:</strong> Ensure file permissions are restrictive (files 644, folders 755) and ownerships are correct for your hosting environment.</li> <li><strong>Content sanitization practices for developers:</strong> Always sanitize input using <code>sanitize_text_field()</code>, <code>wp_kses_post()</code>, or custom <code>wp_kses()</code> rules. Escape output with <code>esc_html()</code>, <code>esc_attr()</code>, <code>esc_url()</code>. Verify capability checks (<code>current_user_can()</code>) and use nonces for admin POSTs.</li> <li><strong>Logging and monitoring:</strong> Enable audit logging and review admin actions regularly. Monitor file integrity and alert on unexpected changes.</li> </ul> </section> <section id="waf-rules"> <h2 id="waf-rules-and-virtual-patch-suggestions-recommended-rule-patterns">WAF rules and virtual patch suggestions (recommended rule patterns)</h2> <p>If the vendor patch is not yet available or you prefer layered defence, apply web-layer rules that mitigate stored XSS in admin inputs. Tune rules to avoid false positives.</p> <ol> <li><strong>Block script tag payloads in admin POSTs</strong> <ul> <li>Condition: Request URI matches admin plugin endpoints or options.php and HTTP POST body contains “<code><script</code>” or “<code>javascript:</code>” or “<code>onerror=</code>“.</li> <li>Action: Block or challenge (captcha) with a 403/Challenge response.</li> </ul> </li> <li><strong>Block common XSS payload encodings</strong> <ul> <li>Look for encoded forms like <code>%3Cscript%3E</code>, <code>\x3cscript</code>, or base64 payloads in POST content. Deny requests if payload is detected in plugin option keys or metadata fields.</li> </ul> </li> <li><strong>Limit allowed characters for SEO fields</strong> <ul> <li>Many plugin fields (keywords, tags, meta descriptions) should allow only safe characters — letters, numbers, punctuation. Block angle brackets (<code><</code>, <code>></code>) and on* attributes.</li> <li>Example rule: Deny POST where meta_description matches /[<>]/ or contains “onmouseover|onerror|javascript:”.</li> </ul> </li> <li><strong>Protect plugin settings pages specifically</strong> <ul> <li>If the plugin admin pages are detected at <code>/wp-admin/admin.php?page=sentence-to-seo</code> (example), apply stricter POST filters and rate limits on settings saves.</li> </ul> </li> <li><strong>Protect administrator sessions</strong> <ul> <li>Block suspicious IPs, geolocations, or UA strings with excessive admin POST activity. Enforce 2FA checkpoints for settings modifications where possible.</li> </ul> </li> <li><strong>Logging & alerting</strong> <ul> <li>Log and alert on every blocked POST to plugin admin pages containing suspicious patterns for manual review.</li> </ul> </li> </ol> <p>Note: Virtual patching is a temporary mitigation and not a substitute for a vendor fix. Once the plugin is updated, remove temporary rules that interfere with legitimate functionality.</p> </section> <section id="incident-response"> <h2 id="incident-response-playbook-if-you-suspect-compromise">Incident response playbook (if you suspect compromise)</h2> <ol> <li><strong>Triage</strong> <ul> <li>Take site offline or enable maintenance mode if public safety is a concern.</li> <li>Capture current system state: database dump, file listing, access logs.</li> </ul> </li> <li><strong>Contain</strong> <ul> <li>Disable the vulnerable plugin; block admin access from public Internet if possible.</li> <li>Rotate admin credentials and API keys.</li> </ul> </li> <li><strong>Analyze</strong> <ul> <li>Identify persistence mechanisms: scheduled tasks, new plugin/theme files, modified core files.</li> <li>Look for webshells or unknown PHP files in uploads, themes, or wp-content.</li> </ul> </li> <li><strong>Eradicate</strong> <ul> <li>Remove or quarantine malicious files.</li> <li>Clean injected database values and remove unauthorized users.</li> </ul> </li> <li><strong>Recover</strong> <ul> <li>Restore from clean backup, or after cleaning, continue to monitor in an isolated environment and then re-enable live traffic.</li> </ul> </li> <li><strong>Lessons learned</strong> <ul> <li>Document the attack chain and strengthen defenses: MFA adoption, admin access hardening, plugin update policy.</li> </ul> </li> <li><strong>Notify</strong> <ul> <li>If sensitive data was exposed, comply with reporting requirements applicable to your jurisdiction.</li> </ul> </li> <li><strong>Post‑incident monitoring</strong> <ul> <li>Keep elevated monitoring for at least 30 days and review logs for signs of re‑entry.</li> </ul> </li> </ol> </section> <section id="developer-tips"> <h2 id="practical-code-checks-and-developer-tips">Practical code checks and developer tips</h2> <p>If you maintain plugins or custom themes, follow these code-level rules to avoid similar vulnerabilities:</p> <ul> <li><strong>Always sanitize inputs</strong>: <ul> <li>For simple text: <code>sanitize_text_field( $_POST['field'] );</code></li> <li>For limited HTML: <code>wp_kses( $_POST['field'], $allowed_html );</code></li> </ul> </li> <li><strong>Escape outputs appropriately</strong>: <ul> <li><code>esc_html()</code> for element content.</li> <li><code>esc_attr()</code> for attribute values.</li> <li><code>esc_url()</code> for URLs.</li> </ul> </li> <li><strong>Use nonces and capability checks for all admin actions</strong>: <ul> <li><code>check_admin_referer( 'my_action_nonce' );</code></li> <li><code>if ( ! current_user_can( 'manage_options' ) ) { wp_die( 'Insufficient permissions' ); }</code></li> </ul> </li> <li><strong>Avoid echoing unsanitized admin options</strong>: <ul> <li><code>echo esc_attr( get_option( 'my_plugin_setting' ) );</code></li> </ul> </li> <li><strong>Constrain allowed characters in SEO fields</strong>: <ul> <li>Use <code>preg_replace</code> to strip angle brackets and event handler attributes from fields that should be plain text.</li> </ul> </li> </ul> <p>Example: sanitize and save meta safely:</p> <pre><code><?php if ( isset( $_POST['my_meta_field'] ) && check_admin_referer( 'my_meta_nonce', 'my_meta_nonce_field' ) ) { if ( current_user_can( 'edit_post', $post_id ) ) { $clean_value = wp_kses( $_POST['my_meta_field'], array() ); // no tags allowed update_post_meta( $post_id, 'my_meta_field', $clean_value ); } } ?></code></pre> <p>If your plugin genuinely needs HTML in user content, define a safe allowed tags array and use <code>wp_kses()</code> with a conservative list.</p> </section> <section id="final-notes"> <h2 id="final-notes">Final notes</h2> <ul> <li>Prioritize patching: When the plugin author ships an official fix, update as soon as possible.</li> <li>Do not rely on any single control: hardening, web-layer protections, and monitoring together reduce risk.</li> <li>Protect admin accounts proactively: mandate MFA and reduce admin user count.</li> <li>Regularly audit your plugins and remove unused ones.</li> <li>If you lack in-house security expertise, engage a qualified security professional for detection, containment, and remediation.</li> </ul> <p>If you found this guide useful, save it and share with other site owners in your organisation. Vulnerabilities like authenticated stored XSS are easier to manage when multiple layers of defence are in place — and when every admin account follows strong security practices.</p> <footer> <p>Stay safe,<br />Hong Kong Security Expert</p> </footer> </section> </article> </div> <section class="post-tags"><ul><li><h5 class="title-tags">टैग:</h5></li><li><a href="https://wp-security.org/hi/tag/wordpress-security/" rel="tag">WordPress Security</a></li></ul></section> <div class="pk-share-buttons-wrap pk-share-buttons-layout-default pk-share-buttons-scheme-bold-bg pk-share-buttons-has-counts pk-share-buttons-has-total-counts pk-share-buttons-after-post pk-share-buttons-mode-php pk-share-buttons-mode-rest" data-post-id="4190" data-share-url="https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" > <div class="pk-share-buttons-total pk-share-buttons-total-no-count"> <div class="pk-share-buttons-count cs-font-primary">0 Shares:</div> </div> <div class="pk-share-buttons-items"> <div class="pk-share-buttons-item pk-share-buttons-facebook pk-share-buttons-no-count" data-id="facebook"> <a href="https://www.facebook.com/sharer.php?u=https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-facebook"></i> <span class="pk-share-buttons-label pk-font-primary">साझा करें</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> <div class="pk-share-buttons-item pk-share-buttons-twitter pk-share-buttons-no-count" data-id="twitter"> <a href="https://x.com/share?&text=%3Ctrp-post-container%20data-trp-post-id%3D%274190%27%3EHong%20Kong%20NGO%20Alert%20XSS%20in%20Plugin%28CVE20264142%29%3C%2Ftrp-post-container%3E&url=https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-twitter"></i> <span class="pk-share-buttons-label pk-font-primary">ट्वीट</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> <div class="pk-share-buttons-item pk-share-buttons-pinterest pk-share-buttons-no-count" data-id="pinterest"> <a href="https://pinterest.com/pin/create/bookmarklet/?url=https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/&media=https://wp-security.org/wp-content/uploads/2026/04/2026-04-22CVE20264142Sentence-To-SEO-keywords-description-and-tags-1024x576.jpg" class="pk-share-buttons-link" target="_blank"> <i class="pk-share-buttons-icon pk-icon pk-icon-pinterest"></i> <span class="pk-share-buttons-label pk-font-primary">इसे पिन करें</span> <span class="pk-share-buttons-count pk-font-secondary">0</span> </a> </div> </div> </div> <section class="post-author"> <div class="authors-compact"> <div class="author-wrap"> <div class="author"> <div class="author-avatar"> <a href="https://wp-security.org/hi/author/wp-security/" rel="author"> <img alt='' src='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=120&d=mm&r=g' srcset='https://secure.gravatar.com/avatar/16bf83a02c7c3aa39247769e866366c2ea8ccfb8bd88a16ef3ac35925a1da888?s=240&d=mm&r=g 2x' class='avatar avatar-120 photo' height='120' width='120' decoding='async'/> </a> </div> <div class="author-description"> <h5 class="title-author"> <span class="fn"> <a href="https://wp-security.org/hi/author/wp-security/" rel="author"> WP Security Vulnerability Report </a> </span> </h5> <p class="note"></p> </div> </div> </div> </div> </section> <div id="disqus_thread"></div> </div> </div> </article> <div class="post-prev-next"> <a class="link-item prev-link" href="https://wp-security.org/hi/vulnerability-database/community-security-alert-mcatfilter-csrf-vulnerabilitycve20264139/"> <div class="link-content"> <div class="link-label"> <span class="link-arrow"></span><span class="link-text"> — पिछला लेख</span> </div> <h2 class="entry-title"> Community Security Alert mCatFilter CSRF Vulnerability(CVE20264139) </h2> </div> </a> <a class="link-item next-link" href="https://wp-security.org/hi/vulnerability-database/community-advisory-csrf-in-woocommerce-order-exportcve20264140/"> <div class="link-content"> <div class="link-label"> <span class="link-text">अगला लेख — </span><span class="link-arrow"></span> </div> <h2 class="entry-title"> Community Advisory CSRF in WooCommerce Order Export(CVE20264140) </h2> </div> </a> </div> <section class="post-archive archive-related"> <div class="archive-wrap"> <div class="title-block-wrap"> <h5 class="title-block"> आपको यह भी पसंद आ सकता है </h5> </div> <div class="archive-main archive-list archive-heading-small archive-borders-enabled archive-shadow-enabled archive-scale-enabled"> <article class="entry-without-preview post-3941 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/security-advisory-xss-in-kubio-ai-plugincve202634887/" rel="bookmark">Security Advisory XSS in Kubio AI Plugin(CVE202634887)</a></h2><ul class="post-meta"><li class="meta-date">मार्च 31, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Cross Site Scripting (XSS) in WordPress Kubio AI Page Builder Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-2690 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/popupkit-access-control-vulnerability-advisorycve202514895/" rel="bookmark">PopupKit Access Control Vulnerability Advisory(CVE202514895)</a></h2><ul class="post-meta"><li class="meta-date">फ़रवरी 10, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Broken Access Control in WordPress PopupKit Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-2320 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/safeguarding-hong-kong-websites-from-xsscve20260800/" rel="bookmark">Safeguarding Hong Kong Websites from XSS(CVE20260800)</a></h2><ul class="post-meta"><li class="meta-date">जनवरी 26, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Cross Site Scripting (XSS) in WordPress User Submitted Posts Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-1682 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/community-advisory-lc-wizard-plugin-authorization-flawcve20255483/" rel="bookmark">Community Advisory LC Wizard Plugin Authorization Flaw(CVE20255483)</a></h2><ul class="post-meta"><li class="meta-date">नवम्बर 7, 2025</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability </div> </div> </div> </div> </article> <article class="entry-without-preview post-1870 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/safeguarding-hong-kong-sites-against-imaq-csrfcve202513363/" rel="bookmark">Safeguarding Hong Kong Sites Against IMAQ CSRF(CVE202513363)</a></h2><ul class="post-meta"><li class="meta-date">दिसम्बर 11, 2025</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Cross Site Request Forgery (CSRF) in WordPress IMAQ CORE Plugin </div> </div> </div> </div> </article> <article class="entry-without-preview post-2271 post type-post status-publish format-standard has-post-thumbnail category-vulnerability-database tag-wordpress-security"> <div class="post-outer"> <div class="post-inner"> <div class="meta-category"><a class="category-style" href="https://wp-security.org/hi/category/vulnerability-database/"><span style="background-color:#EDF2FF" data-color="#EDF2FF" data-color-dark="#555555" class="char" data-scheme="default">W</span><span class="label">WordPress Vulnerability Database</span></a></div> <header class="entry-header"> <h2 class="entry-title"><a href="https://wp-security.org/hi/vulnerability-database/protect-against-privilege-escalation-in-acf-extendedcve202514533/" rel="bookmark">Protect Against Privilege Escalation in ACF Extended(CVE202514533)</a></h2><ul class="post-meta"><li class="meta-date">जनवरी 20, 2026</li></ul> </header> <div class="entry-details"> <div class="entry-excerpt"> Privilege Escalation in WordPress Advanced Custom Fields: Extended Plugin </div> </div> </div> </div> </article> </div> </div> </section> </main> </div> </div> </div> </div> <footer id="colophon" class="site-footer"> <div class="footer-subscribe"> <div class="cs-container"> <div class="subscribe-wrap"> </div> </div> </div> <div class="footer-info"> <div class="cs-container"> <div class="site-info"> <div class="footer-col-info"> <span class="site-title footer-title" href="https://wp-security.org/hi/" rel="home"> <img src="https://wp-security.org/wp-content/uploads/2025/08/WP-Security-logo-1-e1754494371106.png" alt="WP Security" > </span> <div class="footer-copyright"> © 2025 WP-Security.org Disclaimer: WP-Security.org is an independent, non-profit NGO community committed to sharing WordPress security news and information. We are not affiliated with WordPress, its parent company, or any related entities. All trademarks are the property of their respective owners. </div> </div> </div> </div> </div> </footer> </div> </div> </div> <template id="tp-language" data-tp-language="hi_IN"></template><script type="speculationrules"> {"prefetch":[{"source":"document","where":{"and":[{"href_matches":"/hi/*"},{"not":{"href_matches":["/wp-*.php","/wp-admin/*","/wp-content/uploads/*","/wp-content/*","/wp-content/plugins/*","/wp-content/themes/squaretype/*","/hi/*\\?(.+)"]}},{"not":{"selector_matches":"a[rel~=\"nofollow\"]"}},{"not":{"selector_matches":".no-prefetch, .no-prefetch a"}}]},"eagerness":"conservative"}]} </script> <a href="#top" class="pk-scroll-to-top"> <i class="pk-icon pk-icon-up"></i> </a> <div class="pk-mobile-share-overlay"> </div> <script type="text/javascript"> var _paq = _paq || []; _paq.push(['setCustomDimension', 1, '{"ID":3,"name":"WP Security Vulnerability Report","avatar":"f7de7e299d4a4b4c92c6f2c2a29a7ca7"}']); _paq.push(['trackPageView']); (function () { var u = "https://analytics2.wpmudev.com/"; _paq.push(['setTrackerUrl', u + 'track/']); _paq.push(['setSiteId', '24942']); var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0]; g.type = 'text/javascript'; g.async = true; g.defer = true; g.src = 'https://analytics.wpmucdn.com/matomo.js'; s.parentNode.insertBefore(g, s); })(); </script> <script id='kirki-viewport-lists'>var kirkiViewports = {"md":{"value":1200,"scale":1,"minWidth":1200,"maxWidth":1200,"title":"Desktop","icon":"desktop","activeIcon":"desktop-hover","id":"md","type":"max"},"tablet":{"value":991,"scale":1,"minWidth":991,"maxWidth":991,"title":"Tablet","icon":"tablet-default","activeIcon":"tablet-hover","type":"max","id":"tablet"},"mobileLandscape":{"value":767,"scale":1,"minWidth":767,"maxWidth":767,"title":"Landscape","icon":"phone-hr-default","activeIcon":"phone-hr-hover","type":"max","id":"mobileLandscape"},"mobile":{"value":575,"scale":1,"minWidth":575,"maxWidth":575,"title":"Mobile","icon":"phone-vr-default","activeIcon":"phone-vr-hover","type":"max","id":"mobile"}};</script><script id='kirki-variable-lists'>var kirkiCSSVariable = {"data":[{"title":"Colors","key":"color","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Numbers","key":"size","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Text Styles","key":"text-style","modes":[{"title":"Default","key":"default"}],"variables":[]},{"title":"Font Family","key":"font-family","modes":[{"title":"Default","key":"default"}],"variables":[]}]};</script><script id="kirki-api-and-nonce"> window.wp_kirki = { ajaxUrl: "https://wp-security.org/wp-admin/admin-ajax.php", restUrl: "https://wp-security.org/hi/wp-json/", siteUrl: "https://wp-security.org", apiVersion: "v1", postId: "4190", nonce: "700cb694a4", call_from: "", templateId: "", context: {"id":4190,"type":"post"} }; </script><script id="wp-importmap" type="importmap"> {"imports":{"@wordpress/interactivity":"https://wp-security.org/wp-includes/js/dist/script-modules/interactivity/index.min.js?ver=efaa5193bbad9c60ffd1","@surecart/checkout":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67","@surecart/checkout-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-events/index.js?ver=ed9647bd6c7865efe2ad","@surecart/checkout-service":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout-actions/index.js?ver=e445a0ee0396d75d52c0","@surecart/google-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/google/index.js?ver=d92e383a18bcf54ea538","@surecart/facebook-events":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/facebook/index.js?ver=cf5c6499cb7b867894c1","@wordpress/a11y":"https://wp-security.org/wp-includes/js/dist/script-modules/a11y/index.min.js?ver=1c371cb517a97cdbcb9f","@surecart/api-fetch":"https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/fetch/index.js?ver=1bfba8ea0694a193022a"}} </script> <script id="@surecart/line-item-note-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/line-item-note/index.js?ver=af6cf14267b5a9ad219f" type="module"></script> <script id="@surecart/checkout-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/checkout/index.js?ver=3bbe28b8db1e11147c67" type="module"></script> <script id="@surecart/cart-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/cart/index.js?ver=c2f35b71b4309df849fe" type="module"></script> <script id="@surecart/order-bumps-js-module" src="https://wp-security.org/wp-content/plugins/surecart/packages/blocks-next/build/scripts/order-bumps/index.js?ver=c639def39210a6244eb2" type="module"></script> <script id="wp-script-module-data-@wordpress/interactivity" type="application/json"> {"state":{"surecart/order-bumps":{"currentPage":1,"perPage":3},"surecart/checkout":{"checkout":{"line_items":{"data":[]}},"discountIsRedeemable":false,"isDiscountApplied":false,"hasDiscountAmount":false,"hasSubtotalScratchAmount":false,"itemsCount":0,"hasItems":false}}} </script> <div id="fb-root"></div> <script async defer crossorigin="anonymous" src="https://connect.facebook.net/hi_IN/sdk.js#xfbml=1&version=v17.0&appId=&autoLogAppEvents=1" nonce="Ci8te34e"></script> <script> window.scFetchData = {"root_url":"https:\/\/wp-security.org\/hi\/wp-json\/","nonce":"700cb694a4","nonce_endpoint":"https:\/\/wp-security.org\/wp-admin\/admin-ajax.php?action=sc-rest-nonce"} </script>  <div data-wp-context='{"formId":131,"mode":"live"}' data-wp-interactive='{ "namespace": "surecart/checkout" }' data-wp-init="callbacks.init" data-wp-watch="callbacks.onChangeCheckout" data-wp-on-window--storage="callbacks.syncTabs" class="sc-cart-wrapper is-layout-flow wp-container-surecart-slide-out-cart-is-layout-c8108a87 wp-block-surecart-slide-out-cart-is-layout-flow" > <div style="font-size:15px;width: 525px" class="sc-drawer sc-cart-drawer wp-block-surecart-slide-out-cart" role="dialog" data-wp-bind--aria-label="surecart/cart::state.ariaLabel" data-wp-class--open="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown" >  <div class="sc-alert sc-alert__alert--danger" role="alert" aria-live="assertive" aria-atomic="true" data-wp-bind--hidden="!state.error" hidden> <div class="sc-alert__icon"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <circle cx="12" cy="12" r="10" /> <line x1="12" y1="8" x2="12" y2="12" /> <line x1="12" y1="16" x2="12.01" y2="16" /> </svg> </div> <div class="sc-alert__text"> <div class="sc-alert__title"> <span data-wp-text="state.errorTitle"></span> </div> <div class="sc-alert__message"> <div data-wp-text="state.errorMessage"></div> <template data-wp-each--message="state.additionalErrors"> <div> <span data-wp-text="context.message"></span> </div> </template> </div> </div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-64e1162d wp-block-group-is-layout-flex" style="padding-top:1.5em;padding-right:2em;padding-bottom:0em;padding-left:2em"> <div style="line-height:1" class="wp-block-surecart-cart-close-button" data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keypress="surecart/cart::actions.toggle" role="button" tabindex="0" aria-label="कार्ट बंद करें" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> <polyline points="12 5 19 12 12 19" /> </svg> </div> <p class="wp-block-paragraph" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;font-size:16px;font-style:normal;font-weight:500;line-height:1"> मेरा ऑर्डर देखें</p> <span style="font-size:14px;font-weight:600;line-height:1;border-radius:4px;padding-top:6px;padding-bottom:6px;padding-left:10px;padding-right:10px" class="wp-block-surecart-cart-count" data-wp-text="state.itemsCount">0</span> </div> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="padding-top:2em;padding-bottom:2em;padding-left:2em;padding-right:2em" class="wp-block-surecart-slide-out-cart-line-items is-layout-flow wp-container-surecart-slide-out-cart-line-items-is-layout-2e48a420 wp-block-surecart-slide-out-cart-line-items-is-layout-flow" role="list"> <template data-wp-each--line_item="state.checkoutLineItems" data-wp-each-key="context.line_item.id" > <div class="sc-product-line-item" data-wp-class--sc-product-line-item--has-swap="state.swap" role="listitem" data-wp-bind--aria-label="state.lineItemAriaLabel"> <div class="sc-product-line-item__content"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-92927b4a wp-block-group-is-layout-flex"> <figure class="sc-cart-line-item-image-wrap wp-container-content-962be591 wp-duotone-unset-1" data-wp-bind--hidden="!context.line_item.image.src"> <img style="margin-top:0;margin-bottom:0;aspect-ratio:1;border-radius:4px;border-width:1px;margin-top:0;margin-bottom:0" class="sc-is-covered wp-block-surecart-cart-line-item-image" data-wp-bind--alt="context.line_item.image.alt" data-wp-bind--srcset="context.line_item.image.srcset" data-wp-bind--sizes="context.line_item.image.sizes" data-wp-bind--src="context.line_item.image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-content-justification-stretch is-nowrap is-layout-flex wp-container-core-group-is-layout-41c7e08e wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-53e22457 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <a style="font-style:normal;font-weight:500;line-height:1.4;text-decoration:none" class="wp-block-surecart-cart-line-item-title" data-wp-bind--href="state.lineItemPermalink"> <span data-wp-text="context.line_item.price.product.name"></span> </a> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-price-name" data-wp-text="state.lineItemPriceName" data-wp-bind--hidden="!state.lineItemPriceName"></div> <div style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-variant" data-wp-text="state.lineItemVariant" data-wp-bind--hidden="!state.lineItemVariant"></div> <div data-wp-interactive='{ "namespace": "surecart/line-item-note" }' style="font-size:14px;line-height:1.4" class="wp-block-surecart-cart-line-item-note" data-wp-context='{}' data-wp-run="callbacks.init" data-wp-class--line-item-note--is-expanded="context.noteExpanded" data-wp-class--line-item-note--is-collapsible="context.showToggle" data-wp-bind--hidden="surecart/checkout::!state.lineItemNote" data-wp-on--click="actions.toggleNoteExpanded" data-wp-on--keydown="actions.toggleNoteExpanded" data-wp-bind--role="button" data-wp-bind--disabled="!context.showToggle" data-wp-bind--aria-expanded="context.noteExpanded" data-wp-bind--aria-label="Toggle note visibility" tabindex="0" > <div class="line-item-note__text" data-wp-text="surecart/checkout::state.lineItemNote" ></div> <span class="sc-icon" data-wp-class--sc-icon--rotated="context.noteExpanded" > <svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="6 9 12 15 18 9" /> </svg> </span> </div> </div></div> <div class="sc-product-line-item__purchasable-status wp-block-surecart-cart-line-item-status has-text-align-right" data-wp-text="context.line_item.purchasable_status_display" data-wp-bind--hidden="!context.line_item.purchasable_status_display" role="status" aria-live="polite" aria-atomic="true" > </div> </div></div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex" style="line-height:1.4"> <div class="wp-block-surecart-cart-line-item-scratch-amount" data-wp-text="context.line_item.scratch_display_amount" data-wp-bind--hidden="!state.lineItemHasScratchAmount" ></div> <div style="font-style:normal;font-weight:500" class="wp-block-surecart-cart-line-item-amount has-text-align-right" data-wp-text="context.line_item.subtotal_display_amount"></div> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text"> <span class="wp-block-surecart-cart-line-item-interval__interval" data-wp-bind--hidden="!context.line_item.price.short_interval_text" data-wp-text="context.line_item.price.short_interval_text" ></span> <span class="wp-block-surecart-cart-line-item-interval__count" data-wp-bind--hidden="!context.line_item.price.short_interval_count_text" data-wp-text="context.line_item.price.short_interval_count_text" ></span> </div> </div> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <div style="font-size:14px" class="wp-block-surecart-cart-line-item-trial has-text-align-right" data-wp-bind--hidden="!context.line_item.price.trial_text" data-wp-text="context.line_item.price.trial_text" ></div> <template data-wp-each--fee="state.lineItemFees" data-wp-each-key="context.fee.id" > <div style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right"> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.display_amount" ></span> <span style="font-size:14px" class="wp-block-surecart-cart-line-item-fees has-text-align-right" data-wp-text="context.fee.description" ></span> </div> </template> </div></div> </div></div> </div> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-e5460375 wp-block-group-is-layout-flex"> <div class="wp-block-group wp-container-content-9cfa9a5a"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"><div class="sc-input-group sc-input-group-sm sc-quantity-selector wp-block-surecart-cart-line-item-quantity" data-wp-class--quantity--disabled="state.isQuantityDisabled" data-wp-bind--hidden="!state.isEditable" hidden="1"> <div class="sc-input-group-text sc-quantity-selector__decrease" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityDecrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityDecrease" data-wp-bind--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityDecreaseDisabled" data-wp-class--button--disabled="state.isQuantityDecreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.decreaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> <input type="number" class="sc-form-control sc-quantity-selector__control" data-wp-bind--value="context.line_item.quantity" data-wp-on--change="surecart/checkout::actions.onQuantityChange" data-wp-bind--min="context.line_item.min" data-wp-bind--aria-valuemin="context.line_item.min" data-wp-bind--max="context.line_item.max" data-wp-bind--aria-valuemax="context.line_item.max" data-wp-bind--aria-valuenow="context.line_item.quantity" data-wp-bind--disabled="surecart/checkout::state.loading" data-wp-bind--aria-label="surecart/checkout::state.quantityInputAriaLabel" step="1" autocomplete="off" role="spinbutton" /> <div class="sc-input-group-text sc-quantity-selector__increase" role="button" tabindex="0" data-wp-on--click="surecart/checkout::actions.onQuantityIncrease" data-wp-on--keydown="surecart/checkout::actions.onQuantityIncrease" data-wp-bind--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-disabled="state.isQuantityIncreaseDisabled" data-wp-class--button--disabled="state.isQuantityIncreaseDisabled" data-wp-bind--aria-label="surecart/checkout::state.increaseQuantityAriaLabel" > <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </div> </div> </div></div> <div class="wp-block-group is-vertical is-content-justification-right is-layout-flex wp-container-core-group-is-layout-4c9338fd wp-block-group-is-layout-flex"> <div style="font-size:14px;font-style:normal;font-weight:400" class="wp-block-surecart-cart-line-item-remove" data-wp-bind--aria-label="surecart/checkout::state.removeItemAriaLabel" data-wp-on--click="surecart/checkout::actions.removeLineItem" data-wp-on--keydown="surecart/checkout::actions.removeLineItem" role="button" tabindex="0" > <svg class="wp-block-surecart-cart-line-item-remove__icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="18" y1="6" x2="6" y2="18" /> <line x1="6" y1="6" x2="18" y2="18" /> </svg> <span class="wp-block-surecart-cart-line-item-remove__label"> हटाएँ </span> </div> </div> </div> </div> </div> </div></div> </div> <div class="sc-product-line-item__swap" data-wp-bind--hidden="!state.swap" hidden data-wp-on--click="actions.toggleSwap"> <div class="sc-product-line-item__swap-content"> <button type="button" class="sc-toggle" role="switch" aria-checked="false" data-wp-bind--aria-checked="context.line_item.swap" data-wp-class--sc-toggle--checked="context.line_item.swap"> <span class="sc-toggle__label">सेटिंग का उपयोग करें</span> <span aria-hidden="true" class="sc-toggle__knob"></span> </button> <span data-wp-text="state.swap.description"></span> </div> <div class="sc-product-line-item__swap-amount"> <span data-wp-text="state.swapDisplayAmount" class="sc-product-line-item__swap-amount-value"></span> <span data-wp-text="state.swapIntervalText" class="sc-product-line-item__swap-amount-interval"></span> <span data-wp-text="state.swapIntervalCountText" class="sc-product-line-item__swap-amount-interval-count"></span> </div> </div> </div> </template> </div> </div></div> <div class="wp-block-group" style="border-top-color:#b0b0b069;border-top-width:1px;padding-top:0em;padding-right:0em;padding-bottom:0em;padding-left:0em"><div class="wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow"> <div style="border-bottom-width:1px;border-bottom-color:#b0b0b069;padding-top:1.5em;padding-bottom:1.5em;padding-left:2em;padding-right:2em" class="wp-block-surecart-cart-order-bumps" data-wp-context='{"hideAddedItems":true}' data-wp-interactive='{ "namespace": "surecart/order-bumps" }' data-wp-init="callbacks.init" data-wp-bind--hidden="!state.hasOrderBumps" hidden> <div class="wp-block-group is-content-justification-space-between is-nowrap is-layout-flex wp-container-core-group-is-layout-768bb735 wp-block-group-is-layout-flex" style="margin-bottom:0.75em"> <p class="wp-block-paragraph" style="margin-top:0;margin-bottom:0;font-style:normal;font-weight:500">आपके लिए सुझाया गया</p> <nav class="wp-block-surecart-cart-order-bump-pagination is-layout-flex wp-container-surecart-cart-order-bump-pagination-is-layout-00ae689d wp-block-surecart-cart-order-bump-pagination-is-layout-flex" data-wp-bind--hidden="!state.showPagination" aria-label="ऑर्डर बम्प्स पेजिनेशन" hidden> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-previous" data-wp-on--click="surecart/order-bumps::actions.previousPage" data-wp-on--keydown="surecart/order-bumps::actions.handlePreviousKeydown" data-wp-bind--disabled="!state.hasPreviousPage" data-wp-bind--aria-disabled="!state.hasPreviousPage" aria-label="पिछला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-previous__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="15 18 9 12 15 6" /> </svg> </div> <div aria-disabled="true" disabled class="has-arrow-type-chevron wp-block-surecart-cart-order-bump-pagination-next" data-wp-on--click="surecart/order-bumps::actions.nextPage" data-wp-on--keydown="surecart/order-bumps::actions.handleNextKeydown" data-wp-bind--disabled="!state.hasNextPage" data-wp-bind--aria-disabled="!state.hasNextPage" aria-label="अगला पृष्ठ" role="button" tabindex="0" > <svg aria-hidden="true" class="wp-block-surecart-cart-order-bump-pagination-next__icon" xmlns="http://www.w3.org/2000/svg" width="20" height="20" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="9 18 15 12 9 6" /> </svg> </div> </nav> </div> <ul class="wp-block-surecart-cart-order-bump-template is-layout-flex wp-container-surecart-cart-order-bump-template-is-layout-e99f66c5 wp-block-surecart-cart-order-bump-template-is-layout-flex" role="list" data-wp-class--has-overflow="state.hasMultipleBumps" data-wp-on--scrollend="callbacks.onCarouselScroll" data-wp-on--keydown="actions.handleCarouselKeydown" tabindex="0" data-wp-bind--aria-label="state.orderBumpsListAriaLabel" > <template data-wp-each--bump="state.orderBumps" data-wp-each-key="context.bump.id" > <li class="sc-cart-order-bump-item" role="listitem"> <div class="wp-block-group has-border-color wp-container-content-9cfa9a5a is-nowrap is-layout-flex wp-container-core-group-is-layout-e91b8ce6 wp-block-group-is-layout-flex" style="border-color:#e0e0e0;border-width:1px;border-radius:12px;padding-top:0.75em;padding-right:1em;padding-bottom:0.75em;padding-left:0.75em"> <figure class="sc-cart-order-bump-image-wrap wp-container-content-d0d0a6b5" data-wp-bind--hidden="!context.bump.price.product.line_item_image.src"> <img style="aspect-ratio:1;width:72px;border-radius:8px" class="sc-is-covered wp-block-surecart-cart-order-bump-image" data-wp-bind--alt="context.bump.price.product.name" data-wp-bind--src="context.bump.price.product.line_item_image.src" loading="lazy" /> </figure> <div class="wp-block-group wp-container-content-9cfa9a5a is-vertical is-layout-flex wp-container-core-group-is-layout-0370e391 wp-block-group-is-layout-flex"> <span style="font-size:15px;font-weight:600;line-height:1.3" class="wp-block-surecart-cart-order-bump-title" data-wp-text="context.bump.name" ></span> <div style="color:#6b7280;font-size:13px;line-height:1.3" class="wp-block-surecart-cart-order-bump-description has-text-color" data-wp-bind--hidden="!context.bump.metadata.description" data-wp-text="context.bump.metadata.description" hidden></div> <div class="wp-block-group is-nowrap is-layout-flex wp-container-core-group-is-layout-0cf19278 wp-block-group-is-layout-flex"> <div style="font-size:14px" class="wp-block-surecart-cart-order-bump-scratch-amount" data-wp-text="context.bump.subtotal_display_amount" data-wp-bind--hidden="!state.bumpHasDiscount" ></div> <div style="font-size:14px;font-weight:500" class="wp-block-surecart-cart-order-bump-amount" data-wp-text="context.bump.total_display_amount"></div> </div> </div> <div style="font-size:18px;font-weight:400;border-color:#d1d5db;border-top-left-radius:74.6%;border-top-right-radius:74.6%;border-bottom-left-radius:74.6%;border-bottom-right-radius:74.6%;border-width:1px;padding-top:0.5em;padding-bottom:0.5em;padding-left:0.5em;padding-right:0.5em" class="sc-cart-order-bump-add-button wp-block-surecart-cart-order-bump-add-button has-border-color" role="button" tabindex="0" data-wp-on--click="surecart/order-bumps::actions.addBumpToCart" data-wp-on--keydown="surecart/order-bumps::actions.handleAddButtonKeydown" data-wp-bind--disabled="state.isBumpInCart" data-wp-bind--aria-disabled="state.isBumpInCart" data-wp-class--sc-cart-order-bump-add-button--added="state.isBumpInCart" data-wp-bind--aria-label="state.addButtonAriaLabel" aria-label="कार्ट में जोड़ें" > <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="state.isBumpInCart"> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <line x1="12" y1="5" x2="12" y2="19" /> <line x1="5" y1="12" x2="19" y2="12" /> </svg> </span> <span class="sc-cart-order-bump-add-button__icon" aria-hidden="true" data-wp-bind--hidden="!state.isBumpInCart" hidden> <svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <polyline points="20 6 9 17 4 12" /> </svg> </span> </div> </div> </li> </template> </ul> </div> <div class="wp-block-group" style="margin-top:0;margin-bottom:0;padding-top:2em;padding-right:2em;padding-bottom:2em;padding-left:2em"><div class="wp-block-group__inner-container is-layout-constrained wp-container-core-group-is-layout-491b0754 wp-block-group-is-layout-constrained"> <div class="wp-block-surecart-slide-out-cart-items-subtotal is-content-justification-space-between is-nowrap is-layout-flex wp-container-surecart-slide-out-cart-items-subtotal-is-layout-0a93696a wp-block-surecart-slide-out-cart-items-subtotal-is-layout-flex"> <div class="wp-block-group"><div class="wp-block-group__inner-container is-layout-flow wp-container-core-group-is-layout-c8108a87 wp-block-group-is-layout-flow"> <p class="wp-block-paragraph" style="margin-top:0px;margin-bottom:0px;font-size:18px;font-style:normal;font-weight:500;line-height:1.4"> उप-योग</p> <p class="has-text-color has-link-color wp-elements-3ccbd622ec95a2fb9ce4984e15710a06 wp-block-paragraph" style="color:var(--sc-input-help-text-color);font-size:14px;line-height:1.4">चेकआउट पर कर और शिपिंग की गणना की गई</p> </div></div> <div class="wp-block-group is-content-justification-right is-nowrap is-layout-flex wp-container-core-group-is-layout-f843080e wp-block-group-is-layout-flex"><span style="font-size:18px;line-height:1.4" class="wp-block-surecart-cart-subtotal-scratch-amount" data-wp-text="state.checkout.subtotal_scratch_display_amount" data-wp-bind--hidden="!state.hasSubtotalScratchAmount" data-wp-bind--aria-label="state.subtotalScratchAriaLabel" hidden></span> <span style="font-size:18px;font-style:normal;font-weight:500;line-height:1.4" class="wp-block-surecart-cart-subtotal-amount" data-wp-text="state.checkout.subtotal_display_amount"></span> </div> </div> <div class="sc-cart-items-submit__wrapper" style="" > <div class="wp-block-button"> <a style="border-radius:4px" class="wp-block-button__link wp-element-button sc-button__link wp-block-surecart-slide-out-cart-items-submit" href="https://wp-security.org/hi/checkout/" data-wp-bind--disabled="state.loading" data-wp-class--sc-button__link--busy="state.loading" > <span class="sc-spinner" aria-hidden="false"></span> <span class="sc-button__link-text">चेकआउट</span> </a> </div> </div> </div></div> </div></div> <div class="sc-block-ui" data-wp-bind--hidden="!state.loading" hidden></div> </div>  <div class="sc-drawer__backdrop" data-wp-on--mousedown="surecart/cart::actions.closeOverlay" data-wp-on--touchstart="surecart/cart::actions.closeOverlay" data-wp-class--show="surecart/cart::state.open" data-wp-on--keydown="surecart/cart::actions.handleKeydown"></div> </div>  <div data-wp-interactive='{ "namespace": "surecart/checkout" }' class="wp-block-surecart-cart-icon" data-wp-context='{"formId":131,"mode":"live"}' data-wp-on--click="surecart/cart::actions.toggle" data-wp-on--keydown="surecart/cart::actions.toggle" tabindex="0" role="button" data-wp-bind--hidden="!state.hasItems" hidden> <div class="wp-block-surecart-cart-icon__container"> <div class="wp-block-surecart-cart-icon__icon" aria-label="कार्ट बटन।."> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewbox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"> <path d="M6 2L3 6v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2V6l-3-4z" /> <line x1="3" y1="6" x2="21" y2="6" /> <path d="M16 10a4 4 0 0 1-8 0" /> </svg> </div> <span class="wp-block-surecart-cart-icon__count" data-wp-text="state.itemsCount" data-wp-bind--aria-label="state.itemsCountAriaLabel" >0</span> </div> </div><script id="wp-url-js" src="https://wp-security.org/wp-includes/js/dist/url.min.js?ver=bb0f766c3d2efe497871"></script> <script id="wp-hooks-js" src="https://wp-security.org/wp-includes/js/dist/hooks.min.js?ver=7496969728ca0f95732d"></script> <script id="wp-i18n-js" src="https://wp-security.org/wp-includes/js/dist/i18n.min.js?ver=781d11515ad3d91786ec"></script> <script id="wp-i18n-js-after"> wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); //# sourceURL=wp-i18n-js-after </script> <script id="wp-api-fetch-js-translations"> ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"The response is not a valid JSON response.":["\u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0935\u0948\u0927 JSON \u092a\u094d\u0930\u0924\u093f\u0915\u094d\u0930\u093f\u092f\u093e \u0928\u0939\u0940\u0902 \u0939\u0948\u0964"],"An unknown error occurred.":["\u090f\u0915 \u0905\u091c\u094d\u091e\u093e\u0924 \u0924\u094d\u0930\u0941\u091f\u093f \u0939\u0941\u0908\u0964"],"Media upload failed. If this is a photo or a large image, please scale it down and try again.":["\u092e\u0940\u0921\u093f\u092f\u093e \u0905\u092a\u0932\u094b\u0921 \u0935\u093f\u092b\u0932 \u0930\u0939\u093e\u0964 \u092f\u0926\u093f \u092f\u0939 \u090f\u0915 \u092b\u093c\u094b\u091f\u094b \u092f\u093e \u092c\u0921\u093c\u0940 \u091b\u0935\u093f \u0939\u0948, \u0924\u094b \u0915\u0943\u092a\u092f\u093e \u0907\u0938\u0947 \u0928\u0940\u091a\u0947 \u092a\u0948\u092e\u093e\u0928\u0947 \u092a\u0930 \u0930\u0916\u0947\u0902 \u0914\u0930 \u092a\u0941\u0928\u0903 \u092a\u094d\u0930\u092f\u093e\u0938 \u0915\u0930\u0947\u0902\u0964"],"You are probably offline.":["\u0906\u092a \u0936\u093e\u092f\u0926 \u0911\u092b\u093c\u0932\u093e\u0907\u0928 \u0939\u0948\u0902\u0964"]}},"comment":{"reference":"wp-includes\/js\/dist\/api-fetch.js"}} ); //# sourceURL=wp-api-fetch-js-translations </script> <script id="wp-api-fetch-js" src="https://wp-security.org/wp-includes/js/dist/api-fetch.min.js?ver=d7efe4dc1468d36c39b8"></script> <script id="wp-api-fetch-js-after"> wp.apiFetch.use( wp.apiFetch.createRootURLMiddleware( "https://wp-security.org/hi/wp-json/" ) ); wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "700cb694a4" ); wp.apiFetch.use( wp.apiFetch.nonceMiddleware ); wp.apiFetch.use( wp.apiFetch.mediaUploadMiddleware ); wp.apiFetch.nonceEndpoint = "https://wp-security.org/wp-admin/admin-ajax.php?action=rest-nonce"; //# sourceURL=wp-api-fetch-js-after </script> <script id="wp-dom-ready-js" src="https://wp-security.org/wp-includes/js/dist/dom-ready.min.js?ver=a06281ae5cf5500e9317"></script> <script id="wp-a11y-js-translations"> ( function( domain, translations ) { var localeData = translations.locale_data[ domain ] || translations.locale_data.messages; localeData[""].domain = domain; wp.i18n.setLocaleData( localeData, domain ); } )( "default", {"translation-revision-date":"2024-02-25 08:05:38+0000","generator":"GlotPress\/4.0.1","domain":"messages","locale_data":{"messages":{"":{"domain":"messages","plural-forms":"nplurals=2; plural=n != 1;","lang":"hi_IN"},"Notifications":["\u0938\u0942\u091a\u0928\u093e\u090f\u0902"]}},"comment":{"reference":"wp-includes\/js\/dist\/a11y.js"}} ); //# sourceURL=wp-a11y-js-translations </script> <script id="wp-a11y-js" src="https://wp-security.org/wp-includes/js/dist/a11y.min.js?ver=af934e5259bc51b8718e"></script> <script id="trp-dynamic-translator-js-extra"> var trp_data = {"trp_custom_ajax_url":"https://wp-security.org/wp-content/plugins/translatepress-multilingual/includes/trp-ajax.php","trp_wp_ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","trp_language_to_query":"hi_IN","trp_original_language":"en_US","trp_current_language":"hi_IN","trp_skip_selectors":["[data-no-translation]","[data-no-dynamic-translation]","[data-trp-translate-id-innertext]","script","style","head","trp-span","translate-press","[data-trp-translate-id]","[data-trpgettextoriginal]","[data-trp-post-slug]"],"trp_base_selectors":["data-trp-translate-id","data-trpgettextoriginal","data-trp-post-slug"],"trp_attributes_selectors":{"text":{"accessor":"outertext","attribute":false},"block":{"accessor":"innertext","attribute":false},"image_src":{"selector":"img[src]","accessor":"src","attribute":true},"submit":{"selector":"input[type='submit'],input[type='button'], input[type='reset']","accessor":"value","attribute":true},"placeholder":{"selector":"input[placeholder],textarea[placeholder]","accessor":"placeholder","attribute":true},"title":{"selector":"[title]","accessor":"title","attribute":true},"a_href":{"selector":"a[href]","accessor":"href","attribute":true},"button":{"accessor":"outertext","attribute":false},"option":{"accessor":"innertext","attribute":false},"aria_label":{"selector":"[aria-label]","accessor":"aria-label","attribute":true},"video_src":{"selector":"video[src]","accessor":"src","attribute":true},"video_poster":{"selector":"video[poster]","accessor":"poster","attribute":true},"video_source_src":{"selector":"video source[src]","accessor":"src","attribute":true},"audio_src":{"selector":"audio[src]","accessor":"src","attribute":true},"audio_source_src":{"selector":"audio source[src]","accessor":"src","attribute":true},"picture_image_src":{"selector":"picture image[src]","accessor":"src","attribute":true},"picture_source_srcset":{"selector":"picture source[srcset]","accessor":"srcset","attribute":true}},"trp_attributes_accessors":["outertext","innertext","src","value","placeholder","title","href","aria-label","poster","srcset"],"gettranslationsnonceregular":"173be74acc","showdynamiccontentbeforetranslation":"","skip_strings_from_dynamic_translation":[],"skip_strings_from_dynamic_translation_for_substrings":{"href":["amazon-adsystem","googleads","g.doubleclick"]},"duplicate_detections_allowed":"100","trp_translate_numerals_opt":"no","trp_no_auto_translation_selectors":["[data-no-auto-translation]"]}; //# sourceURL=trp-dynamic-translator-js-extra </script> <script id="trp-dynamic-translator-js" src="https://wp-security.org/wp-content/plugins/translatepress-multilingual/assets/js/trp-translate-dom-changes.js?ver=3.2.1"></script> <script id="powerkit-js" src="https://wp-security.org/wp-content/plugins/powerkit/assets/js/_scripts.js?ver=3.0.7"></script> <script id="swv-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.1.6"></script> <script id="contact-form-7-js-before"> var wpcf7 = { "api": { "root": "https:\/\/wp-security.org\/hi\/wp-json\/", "namespace": "contact-form-7\/v1" }, "cached": 1 }; //# sourceURL=contact-form-7-js-before </script> <script id="contact-form-7-js" src="https://wp-security.org/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.1.6"></script> <script id="disqus_count-js-extra"> var countVars = {"disqusShortname":"wp-security-org"}; //# sourceURL=disqus_count-js-extra </script> <script id="disqus_count-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.1.4"></script> <script id="disqus_embed-js-extra"> var embedVars = {"disqusConfig":{"integration":"wordpress 3.1.4 7.0"},"disqusIdentifier":"4190 https://wp-security.org/uncategorized/hong-kong-ngo-alert-xss-in-plugincve20264142/","disqusShortname":"wp-security-org","disqusTitle":"Hong Kong NGO Alert XSS in Plugin(CVE20264142)","disqusUrl":"https://wp-security.org/hi/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/","postId":"4190"}; //# sourceURL=disqus_embed-js-extra </script> <script id="disqus_embed-js" src="https://wp-security.org/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.1.4"></script> <script id="powerkit-basic-elements-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/basic-elements/public/js/public-powerkit-basic-elements.js?ver=4.0.0"></script> <script id="justifiedgallery-js" src="https://wp-security.org/wp-content/plugins/canvas/components/justified-gallery/block/jquery.justifiedGallery.min.js?ver=2.5.3"></script> <script id="powerkit-justified-gallery-js-extra"> var powerkitJG = {"rtl":""}; //# sourceURL=powerkit-justified-gallery-js-extra </script> <script id="powerkit-justified-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/justified-gallery/public/js/public-powerkit-justified-gallery.js?ver=3.0.7"></script> <script id="imagesloaded-js" src="https://wp-security.org/wp-includes/js/imagesloaded.min.js?ver=5.0.0"></script> <script id="glightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/glightbox.min.js?ver=3.0.7"></script> <script id="powerkit-lightbox-js-extra"> var powerkit_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of","single_image_selectors":".entry-content img,.single .post-media img","gallery_selectors":".wp-block-gallery,.gallery","exclude_selectors":".sight-portfolio-area","zoom_icon":"1"}; //# sourceURL=powerkit-lightbox-js-extra </script> <script id="powerkit-lightbox-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/lightbox/public/js/public-powerkit-lightbox.js?ver=3.0.7"></script> <script id="powerkit-opt-in-forms-js-extra"> var opt_in = {"ajax_url":"https://wp-security.org/wp-admin/admin-ajax.php","warning_privacy":"Please confirm that you agree with our policies.","is_admin":"","server_error":"Server error occurred. Please try again later."}; //# sourceURL=powerkit-opt-in-forms-js-extra </script> <script id="powerkit-opt-in-forms-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/opt-in-forms/public/js/public-powerkit-opt-in-forms.js?ver=3.0.7"></script> <script id="powerkit-pinterest-js" async="async" defer="defer" src="//assets.pinterest.com/js/pinit.js?ver=7.0"></script> <script id="powerkit-pin-it-js-extra"> var powerkit_pinit_localize = {"image_selectors":".entry-content img","exclude_selectors":".cnvs-block-row,.cnvs-block-section,.cnvs-block-posts .entry-thumbnail,.cnvs-post-thumbnail,.pk-block-author,.pk-featured-categories img,.pk-inline-posts-container img,.pk-instagram-image,.pk-subscribe-image,.wp-block-cover,.pk-block-posts,.sight-portfolio-entry-link-page","only_hover":"1"}; //# sourceURL=powerkit-pin-it-js-extra </script> <script id="powerkit-pin-it-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/pinterest/public/js/public-powerkit-pin-it.js?ver=3.0.7"></script> <script id="powerkit-scroll-to-top-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/scroll-to-top/public/js/public-powerkit-scroll-to-top.js?ver=3.0.7"></script> <script id="powerkit-share-buttons-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/share-buttons/public/js/public-powerkit-share-buttons.js?ver=3.0.7"></script> <script id="flickity-js" src="https://wp-security.org/wp-content/plugins/canvas/components/slider-gallery/block/flickity.pkgd.min.js?ver=2.5.3"></script> <script id="powerkit-slider-gallery-js-extra"> var powerkit_sg_flickity = {"page_info_sep":" of "}; //# sourceURL=powerkit-slider-gallery-js-extra </script> <script id="powerkit-slider-gallery-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/slider-gallery/public/js/public-powerkit-slider-gallery.js?ver=3.0.7"></script> <script id="powerkit-table-of-contents-js-extra"> var powerkit_toc_config = {"label_show":"Show","label_hide":"Hide"}; //# sourceURL=powerkit-table-of-contents-js-extra </script> <script id="powerkit-table-of-contents-js" src="https://wp-security.org/wp-content/plugins/powerkit/modules/table-of-contents/public/js/public-powerkit-table-of-contents.js?ver=3.0.7"></script> <script id="magnific-popup-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/jquery.magnific-popup.min.js?ver=1774098503"></script> <script id="sight-block-script-js-extra"> var sight_lightbox_localize = {"text_previous":"Previous","text_next":"Next","text_close":"Close","text_loading":"Loading","text_counter":"of"}; //# sourceURL=sight-block-script-js-extra </script> <script id="sight-block-script-js" src="https://wp-security.org/wp-content/plugins/sight/render/js/sight.js?ver=1774098503"></script> <script id="colcade-js" src="https://wp-security.org/wp-content/plugins/canvas/components/posts/block-posts/colcade.js?ver=2.5.3"></script> <script id="object-fit-images-js" src="https://wp-security.org/wp-content/themes/squaretype/js/ofi.min.js?ver=3.2.3"></script> <script id="csco-scripts-js-extra"> var csco_mega_menu = {"rest_url":"https://wp-security.org/hi/wp-json/csco/v1/menu-posts","current_lang":"","current_locale":"hi_IN"}; //# sourceURL=csco-scripts-js-extra </script> <script id="csco-scripts-js" src="https://wp-security.org/wp-content/themes/squaretype/js/scripts.js?ver=3.1.1"></script> <script async data-wp-strategy="async" fetchpriority="low" id="comment-reply-js" src="https://wp-security.org/wp-includes/js/comment-reply.min.js?ver=7.0"></script> <script id="wp-emoji-settings" type="application/json"> {"baseUrl":"https://s.w.org/images/core/emoji/17.0.2/72x72/","ext":".png","svgUrl":"https://s.w.org/images/core/emoji/17.0.2/svg/","svgExt":".svg","source":{"concatemoji":"https://wp-security.org/wp-includes/js/wp-emoji-release.min.js?ver=7.0"}} </script> <script type="module"> /*! This file is auto-generated */ const a=JSON.parse(document.getElementById("wp-emoji-settings").textContent),o=(window._wpemojiSettings=a,"wpEmojiSettingsSupports"),s=["flag","emoji"];function i(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function c(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0);const a=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data);return t.every((e,t)=>e===a[t])}function p(e,t){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var n=e.getImageData(16,16,1,1);for(let e=0;e<n.data.length;e++)if(0!==n.data[e])return!1;return!0}function u(e,t,n,a){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\udde8\ud83c\uddf6","\ud83c\udde8\u200b\ud83c\uddf6")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!a(e,"\ud83e\u1fac8")}return!1}function f(e,t,n,a){let r;const o=(r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):document.createElement("canvas")).getContext("2d",{willReadFrequently:!0}),s=(o.textBaseline="top",o.font="600 32px Arial",{});return e.forEach(e=>{s[e]=t(o,e,n,a)}),s}function r(e){var t=document.createElement("script");t.src=e,t.defer=!0,document.head.appendChild(t)}a.supports={everything:!0,everythingExceptFlag:!0},new Promise(t=>{let n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),c.toString(),p.toString()].join(",")+"));",a=new Blob([e],{type:"text/javascript"});const r=new Worker(URL.createObjectURL(a),{name:"wpTestEmojiSupports"});return void(r.onmessage=e=>{i(n=e.data),r.terminate(),t(n)})}catch(e){}i(n=f(s,u,c,p))}t(n)}).then(e=>{for(const n in e)a.supports[n]=e[n],a.supports.everything=a.supports.everything&&a.supports[n],"flag"!==n&&(a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&a.supports[n]);var t;a.supports.everythingExceptFlag=a.supports.everythingExceptFlag&&!a.supports.flag,a.supports.everything||((t=a.source||{}).concatemoji?r(t.concatemoji):t.wpemoji&&t.twemoji&&(r(t.twemoji),r(t.wpemoji)))}); //# sourceURL=https://wp-security.org/wp-includes/js/wp-emoji-loader.min.js </script> <div style="position:absolute;margin:-1px;padding:0;height:1px;width:1px;overflow:hidden;clip-path:inset(50%);border:0;word-wrap:normal !important;"><p id="a11y-speak-intro-text" class="a11y-speak-intro-text" hidden data-no-translation="" data-trp-gettext="">सूचनाएँ</p><div id="a11y-speak-assertive" class="a11y-speak-region" aria-live="assertive" aria-relevant="additions text" aria-atomic="true"></div><div id="a11y-speak-polite" class="a11y-speak-region" aria-live="polite" aria-relevant="additions text" aria-atomic="true"></div></div>  <script type="text/javascript"> (function () { window.usermaven = window.usermaven || (function () { (window.usermavenQ = window.usermavenQ || []).push(arguments); }) var t = document.createElement('script'), s = document.getElementsByTagName('script')[0]; t.defer = true; t.id = 'um-tracker'; t.setAttribute('data-tracking-host', 'https://u.wp-security.org'); t.setAttribute('data-key', 'UMZaYew9Sp'); t.setAttribute('data-autocapture', 'true'); t.setAttribute('data-randomize-url', 'true'); t.src = 'https://u.wp-security.org/lib.js'; s.parentNode.insertBefore(t, s); })(); </script>  <nav class="trp-language-switcher trp-floating-switcher trp-ls-dropdown trp-switcher-position-bottom" style="--bg:#ffffffb2;--bg-hover:#0000000d;--text:#000000;--text-hover:#000000;--border:1px solid transparent;--border-radius:8px 8px 0px 0px;--flag-radius:2px;--flag-size:20px;--aspect-ratio:4/3;--font-size:16px;--switcher-width:auto;--switcher-padding:10px 0;--transition-duration:0.2s;--bottom:0px;--right:10vw" role="navigation" aria-label="वेबसाइट भाषा चयनकर्ता" data-no-translation > <div class="trp-language-switcher-inner"> <div class="trp-language-item trp-language-item__current" title="Hindi" role="button" tabindex="0" aria-expanded="false" aria-label="Change language" aria-controls="trp-switcher-dropdown-list" data-no-translation><span class="trp-language-item-name">Hindi</span></div> <div class="trp-switcher-dropdown-list" id="trp-switcher-dropdown-list" role="group" aria-label="उपलब्ध भाषाएँ" hidden inert > <a href="https://wp-security.org/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="English" data-no-translation><span class="trp-language-item-name">English</span></a> <a href="https://wp-security.org/zh/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Chinese (Hong Kong)" data-no-translation><span class="trp-language-item-name">Chinese (Hong Kong)</span></a> <a href="https://wp-security.org/zh_cn/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Chinese (China)" data-no-translation><span class="trp-language-item-name">Chinese (China)</span></a> <a href="https://wp-security.org/es/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="Spanish" data-no-translation><span class="trp-language-item-name">Spanish</span></a> <a href="https://wp-security.org/fr/vulnerability-database/hong-kong-ngo-alert-xss-in-plugincve20264142/" class="trp-language-item" title="French" data-no-translation><span class="trp-language-item-name">French</span></a> </div> </div> </nav> <script type="text/javascript"> "use strict"; (function($) { $( window ).on( 'load', function() { // Each All Share boxes. $( '.pk-share-buttons-mode-rest' ).each( function() { var powerkitButtonsIds = [], powerkitButtonsBox = $( this ); // Check Counts. if ( ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-counts' ) && ! powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) ) { return; } powerkitButtonsBox.find( '.pk-share-buttons-item' ).each( function() { if ( $( this ).attr( 'data-id' ).length > 0 ) { powerkitButtonsIds.push( $( this ).attr( 'data-id' ) ); } }); // Generate accounts data. var powerkitButtonsData = {}; if( powerkitButtonsIds.length > 0 ) { powerkitButtonsData = { 'ids' : powerkitButtonsIds.join(), 'post_id' : powerkitButtonsBox.attr( 'data-post-id' ), 'url' : powerkitButtonsBox.attr( 'data-share-url' ), }; } // Get results by REST API. $.ajax({ type: 'GET', url: 'https://wp-security.org/hi/wp-json/social-share/v1/get-shares', data: powerkitButtonsData, beforeSend: function(){ // Add Loading Class. powerkitButtonsBox.addClass( 'pk-share-buttons-loading' ); }, success: function( response ) { if ( ! $.isEmptyObject( response ) && ! response.hasOwnProperty( 'code' ) ) { // Accounts loop. $.each( response, function( index, data ) { if ( index !== 'total_count' ) { // Find Bsa Item. var powerkitButtonsItem = powerkitButtonsBox.find( '.pk-share-buttons-item[data-id="' + index + '"]'); // Set Count. if ( data.hasOwnProperty( 'count' ) && data.count ) { powerkitButtonsItem.removeClass( 'pk-share-buttons-no-count' ).addClass( 'pk-share-buttons-item-count' ); powerkitButtonsItem.find( '.pk-share-buttons-count' ).html( data.count ); } else { powerkitButtonsItem.addClass( 'pk-share-buttons-no-count' ); } } }); if ( powerkitButtonsBox.hasClass( 'pk-share-buttons-has-total-counts' ) && response.hasOwnProperty( 'total_count' ) ) { var powerkitButtonsTotalBox = powerkitButtonsBox.find( '.pk-share-buttons-total' ); if ( response.total_count ) { powerkitButtonsTotalBox.find( '.pk-share-buttons-count' ).html( response.total_count ); powerkitButtonsTotalBox.show().removeClass( 'pk-share-buttons-total-no-count' ); } } } // Remove Loading Class. powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' ); }, error: function() { // Remove Loading Class. powerkitButtonsBox.removeClass( 'pk-share-buttons-loading' ); } }); }); }); })(jQuery); </script> </body> </html>