54 matches found
CVE-2024-10890
CVE-2024-10890 describes a reflected Cross-Site Scripting vulnerability in the WordPress plugin “WPAdverts – Classifieds Plugin” up to version 2.1.7. The issue stems from using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject script into pag...
CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...
WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10890 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cf76651e6ed6 Credits...
CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-10108 WPAdverts – Classifieds Plugin <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via adverts_add Shortcode
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advertsadd shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
PT-2024-16031 · WordPress · Wpadverts
Name of the Vulnerable Software and Affected Versions: WPAdverts – Classifieds Plugin versions up to, and including, 2.1.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's adverts add shortcode due to insufficient input sanitization and output escaping. This allow...
WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10108 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d98a67dcc148 Credits...
WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.2 Fixed in 2.1.3 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-37238 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 19fe789eab09 Credits Majed Refa...
WordPress Plugin WordPress Classifieds Plugin 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WordPress Classifieds Plug...
CVE-2023-51473
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin.This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3...
CVE-2023-51473
CVE-2023-51473 affects TerraClassifieds – Simple Classifieds Plugin for WordPress (up to version 2.0.3). The vulnerability is an Unrestricted Upload of File with Dangerous Type, allowing unauthenticated arbitrary file uploads. Public references in the provided docs confirm it as an active issue w...
CVE-2023-41801
Cross-Site Request Forgery CSRF vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin = 4.3 versions...
PT-2023-28101 · Awp Classifieds · Awp Classifieds Team Ad Directory & Listings
Name of the Vulnerable Software and Affected Versions: AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin versions = 4.3 Description: A Cross-Site Request Forgery CSRF issue has been identified. This type of issue allows an attacker to trick a user into performing unintended...
WordPress Plugin WordPress Classifieds Plugin - Ad Directory & Listings by AWP Classifieds Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WordPress...
CVE-2022-3254
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
Sql injection
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
CVE-2022-3254
CVE-2022-3254 affects the WordPress AWP Classifieds Plugin (versions prior to 4.3). The issue is an SQL injection caused by improper sanitization/escaping of parameters in an unauthenticated AJAX action, and is triggered when a specific premium module is active. The vulnerability allows execution...
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi
The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...
WordPress plugin WordPress Classifieds Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...