EUVD-2023-55578

Malicious code in bioql PyPI...

PT-2025-1490 · Unknown · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms versions through 2.3.28 Description: The issue is related to a Missing Authorization vulnerability in the Kali Forms Contact Form builder with drag & drop, allowing exploitation of incorrectly configured access control security...

WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.27 is vulnerable to Broken Access Control

Software Contact Form builder with drag & drop - Kali Forms Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46083 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 538b41872f6e...

WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection

Software GigPress Type Plugin Vulnerable versions = 2.3.28 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0381 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 621aa3005525 Credits Erwan LR WPScan Required privilege Subscriber Published ...

Sql injection

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

CVE-2023-0381 GigPress <= 2.3.28 - Subscriber+ SQLi

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

WordPress Plugin GigPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists i...

CVE-2022-4759

The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress plugin GigPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-15413 · WordPress · Gigpress

Name of the Vulnerable Software and Affected Versions: GigPress WordPress plugin versions prior to 2.3.28 Description: The issue concerns the GigPress WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

WordPress GigPress Plugin <= 2.3.27 is vulnerable to Cross Site Scripting (XSS)

Software GigPress Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5602dcf35459 Credits WordfenceTeam Required privilege...

Apache Struts XSS Vulnerability

Apache Struts 2.x before 2.3.28 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting XSS attacks via unspecified vectors involving language display...

org.apache.struts:struts2-apps (=2.3.28), org.apache.struts:struts2-assembly (=2.3.28) +39 more potentially affected by CVE-2016-3087 via org.apache.struts:struts2-core (=2.3.28)

org.apache.struts:struts2-core MAVEN version =2.3.28 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts2-core and may be impacted: - org.apache.struts:struts2-apps =2.3.28 - org.apache.struts:struts2-assembly =2.3.28 -...

Apache Struts vulnerable to arbitrary remote code execution due to improper input validation

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...

Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution', 'Description' = %q This module exploits a remo...

CVE-2016-3087

Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin...

PT-2016-5363

Name of the Vulnerable Software and Affected Versions Apache Struts versions 2.3.19 through 2.3.28 Description The issue allows remote attackers to execute arbitrary code via vectors related to an ! exclamation mark operator to the REST Plugin when Dynamic Method Invocation is enabled...

Apache Struts Security Update (S2-028, S2-030, S2-034)

Apache Struts is prone to multiple vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Apache Struts XSLTResult Arbitrary Code Execution Vulnerability

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source framework for creating enterprise-class Java Web applications. A security vulnerability exists in XSLTResult in Apache Struts versions 2.0.0 through 2.3.28, which can be exploited by...