52 matches found
WordPress Plugin What3words Autosuggest Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure vulnerabilit...
PT-2023-12541 · What3Words · What3Words Autosuggest Plugin
Name of the Vulnerable Software and Affected Versions: what3words Autosuggest Plugin versions up to 4.0.0 Description: A vulnerability has been found in the what3words Autosuggest Plugin, classified as problematic. The issue affects the enqueue scripts function of the file...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
CVE-2021-4405 ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
WordPress Plugin ElasticPress Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-12517 · WordPress · Elasticpress
Name of the Vulnerable Software and Affected Versions: ElasticPress plugin for WordPress versions up to, and including, 3.5.3 Description: The issue is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function, making it possible for unauthenticated attackers to...
@dmrvos/infrajs (>=0.0.4 <=0.0.8), @marjose/jstoolkit (>=0.0.2 <=1.0.0-beta) +10 more potentially affected by CVE-2021-21252 via jquery-validation (>=1.14.0 <=1.19.1)
jquery-validation NPM version =1.14.0, =0.0.4, =0.0.2, =0.2.2, =3.0.0, =0.11.28, =0.0.8, =1.4.0, =1.0.0, =3.0.0-prerelease.20170216T120000Z, =1.0.0, =1.0.6 - webpack-symfony-builder =1.0.0 Source cves: CVE-2021-21252 Source advisory: OSV:GHSA-JXWX-85VP-GVWM...
CVE-2020-35610 [20201101] - Core - com_finder ignores access levels on autosuggest
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms...
[20201101] - Core - com_finder ignores access levels on autosuggest
The autosuggestion feature of com_finder did not respect the access level of the corresponding terms...
CVE-2019-20141
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...
Cross site scripting
An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter...
PT-2019-16101 · WordPress · Laborator Neon
Name of the Vulnerable Software and Affected Versions: Laborator Neon theme version 2.0 Description: A cross-site scripting (XSS) issue was found in the Laborator Neon theme for WordPress. The issue is related to the q parameter in the "data/autosuggest-remote.php" endpoint. Recommendations: For...
WordPress WP AutoSuggest plugin 0.24 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Kaimi in WordPress WP AutoSuggest plugin version 0.24. Solution 08.01.2019 - we were unable to find a patched version of this plugin...
WordPress Plugin AutoSuggest 'wpas_keys' SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin AutoSuggest via 'wpas_keys'. An attacker can exploit the vulnerabilit...
WordPress AutoSuggest 0.24 Plugin - wpas_keys SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WP AutoSuggest 0.24 - SQL Injection Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code...
WordPress AutoSuggest 0.24 SQL Injection
Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File: autosuggest.php Vulnerable code: if (isset($_GET['wpas_keys'])) $wpas_keys =...
WordPress Plugin AutoSuggest 0.24 - wpas_keys SQL Injection
WordPress Plugin AutoSuggest 0.24 - wpas_keys SQL Injection Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File:...