26 matches found
Exploit for CVE-2026-8181
CVE-2026-8181 - Burst Statistics Authentication Bypass Exploit...
CVE-2026-8181
The Burst Statistics – Privacy-Friendly WordPress Analytics Google Analytics Alternative plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1. This is due to incorrect return-value handling in the ismainwpauthenticated function when validating application...
WordPress Application Passwords plugin <= 0.1.3 - Reflected Cross-Site Scripting via reject_url vulnerability
Reflected Cross-Site Scripting via reject_url vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Application Passwords versions <= 0.1.3...
CVE-2025-13308
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject_url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes ...
EUVD-2025-201527
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject_url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes ...
CVE-2025-13308 Application Passwords <= 0.1.3 - Reflected Cross-Site Scripting via reject_url
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject_url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes ...
CVE-2025-13308
CVE-2025-13308 affects the WordPress Application Passwords plugin. It is a Reflected Cross-Site Scripting vulnerability via the reject_url parameter present in versions up to 0.1.3. The issue arises from insufficient input sanitization and output escaping of user-supplied URLs, enabling javascrip...
WordPress plugin Application Passwords Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-49339
The Application Passwords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'reject_url' parameter in all versions up to, and including, 0.1.3. This is due to insufficient input sanitization and output escaping on user supplied URLs, which allows javascript: URI schemes...
EUVD-2021-12754
Malware in sbrugna...
CVE-2023-26446
The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...
CVE-2021-30482
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly...
CVE-2024-11197 Lock User Account <= 1.0.5 - User Lock Bypass
The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, t...
WordPress plugin Lock User Account Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress
Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...
CVE-2024-9829
The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwaphandledownloaduser' and 'dpwaphandledownloadcomment' functions in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, wit...
Schneider Electric Modicon M340 Trust Management Issue Vulnerability
The Schneider Electric Modicon M340 is a mid-range PLC (Programmable Logic Controller) for industrial processes and infrastructure from Schneider Electric France. The Schneider Electric Modicon M340 is vulnerable to a trust management issue that arises from the use of hard-coded credentials, which...