EUVD-2021-34200

Malicious code in bioql PyPI...

WordPress plugin Better Search 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2021-4373

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as...

CVE-2024-29142 WordPress Better Search plugin <= 3.3.0 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS.This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0...

WordPress Plugin Better Search Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVE-2021-4400

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearchprocesssettingsimport and bsearchprocesssettingsexport functions. This makes it possible for unauthenticat...

CVE-2021-4400

The CVE-2021-4400 entry concerns the WordPress Better Search plugin. A CSRF vulnerability exists in versions up to 2.5.2 caused by missing or incorrect nonce validation in bsearch_process_settings_import() and bsearch_process_settings_export(). This enables unauthenticated attackers to import and...

PT-2023-12512 · WordPress · The Better Search

Name of the Vulnerable Software and Affected Versions: The Better Search plugin for WordPress versions up to, and including, 2.5.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the bsearch process settings import and bsearch proces...

CVE-2021-4373

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as...

CVE-2021-4373

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as...

CVE-2021-4373 Better Search <= 2.5.2 - Cross-Site Request Forgery to Settings Import

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to import settings via forged request granted they can trick a site administrator into performing an action such as...

Better Search < 2.5.3 - CSRF Nonce Bypass in Import/Export

The plugin did not properly check the CSRF nonces when exporting and importing settings, allowing attackers to make a logged in user with the manageoptions capability export and import arbitrary settings by not providing the nonce parameter in the request POST...

WordPress Better Search Plugin <= 1.3.4 - Reflective XSS

This plugin is prone to a reflective cross site scripting vulnerability. Solution Update the plugin...

WordPress Better Search Plugin <= 1.2.1 - CSRF

This plugin is prone to a cross site request forgery vulnerability in admin.inc.php. Solution Upgrade the plugin...