41 matches found
WordPress Clean Login <= 1.14.5 Authenticated (Contributor+) - Local File Inclusion
The Clean Login plugin for WordPress up to version 1.14.5 contains a path traversal caused by the 'template' attribute in the clean-login-register shortcode, letting authenticated attackers with contributor access include and execute arbitrary files. The exploit requires the attacker to have contributor ...
EUVD-2015-9176
Malware in sbrugna...
EUVD-2017-17816
Malware in sbrugna...
EUVD-2022-52115
Malicious code in bioql PyPI...
CVE-2022-4838
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2015-9336
The clean-login plugin before 1.5.1 for WordPress has reflected XSS...
CVE-2024-8252
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2024-8252
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2024-8252
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
CVE-2024-8252
CVE-2024-8252 affects the Clean Login WordPress plugin. Local File Inclusion via the template attribute in the clean-login-register shortcode exists in all versions up to 1.14.5. Authenticated attackers with Contributor-level access can include server files and execute PHP code, potentially bypas...
WordPress Clean Login plugin <= 1.14.5 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by wesley wcraft in WordPress Plugin Clean Login versions <= 1.14.5...
WordPress Clean Login Plugin <= 1.14.5 is vulnerable to Local File Inclusion
Software: Clean Login; Type: Plugin; Vulnerable versions: <= 1.14.5; Fixed in: 1.14.6; OWASP Top 10: A1: Injection; Classification: Local File Inclusion; CVE: CVE-2024-8252; Patch priority: Low; CVSS severity: Low 7.5; Developer: Claim ownership; PSID: bdf0887c817a; Credits: wesley wcraft; Required privilege: Contributor...
PT-2024-38890
Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5. Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...
WordPress plugin Clean Login security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-4838
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
Cross site scripting
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4838
The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...
CVE-2022-4838 Clean Login < 1.13.7 - Contributor+ Stored XSS via Shortcode
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
WordPress plugin Clean Login cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Clean Login Plugin < 1.13.7 is vulnerable to Cross Site Scripting (XSS)
Software: Clean Login; Type: Plugin; Vulnerable versions: < 1.13.7; Fixed in: 1.13.7; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4838; Patch priority: Medium; CVSS severity: Medium 6.3; Developer: Claim ownership; PSID: 22741728df39; Credits: Lana Codes; Required...