47 matches found
WordPress plugin Ajax Comment Form CST cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
WordPress Ajax Comment Form CST plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by johska in WordPress Plugin Ajax Comment Form CST versions <= 1.2...
WordPress Multilang Contact Form Plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Multilang Contact Form versions <= 1.5...
Cross site request forgery (csrf)
The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke...
CVE-2022-3220
The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3220 Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS
The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin Advanced Comment Form cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. Versions prior to WordPress Advanced Comment Form 1.2.1 have a cross-site scripting vulnerability that stems...
WordPress Advanced Comment Form <= 1.2.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress Advanced Comment Form versions <= 1.2.0. Solution: Update the WordPress Advanced Comment Form plugin to the latest available version (at least 1.2.1)...
GHSA-2P28-5MVP-2J2R Drupal Comment reply form allows access to restricted content
In Drupal 8.4.x versions before 8.4.5, users with permission to post comments are able to view content and comments they do not have access to, and are also able to add comments to this content. This vulnerability is mitigated by the fact that the comment system must be enabled and the...
CVE-2022-29414
Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin: mass update settings, manage subscriptions, add a new subscription, update subscription, delete Subscription...
BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, put the following payloads: - in the htaccess File Options htaccess File Editor...
U.S. Dept Of Defense: Stored XSS via Comment Form at ████████
Summary: An attacker can submit a comment form with injected HTML, leading to a number of malicious effects Step-by-step Reproduction Instructions 1. Browse to https://████ 2. Complete the form. I placed " in the Name field. Some example payloads for the Comments field are as follows: For...
Unauthorized Access
drupal/drupal is vulnerable to unauthorized access attacks. The vulnerability exists in the Comment reply form, where users who can post comments are able to view and add comments without being authorized to do so...
Comment reply form allows access to restricted content.
More info at https://www.drupal.org/SA-CORE-2018-001...
WordPress 3.8.1 / 3.8.2 / 4.2.2 Cross Site Request Forgery Vulnerability
A cross site request forgery vulnerability in the comment form of WordPress versions 3.8.1, 3.8.2, and 4.2.2 allows for administrative impersonation. Details ================ Software: WordPress Version: 3.8.1,3.8.2,4.2.2 Homepage: http://wordpress.org/ Advisory report:...
b2evolution 4.0.3 Persistent XSS Vulnerability
No description provided by source. Source: http://packetstormsecurity.org/files/view/99362/b2evolution403-xss.txt Software: b2evolution 4.0.3 Vulnerability: Persistent Cross-site Scripting Threat...
Anchor CMS 0.9.1 - Stored XSS Vulnerability
No description provided by source. Exploit Title : AnchorCMS Stored XSS exploit v0.9.1 Exploit Author: DURAKIBOX / dn5 Website : halisduraki.com Date : 18.7.2013. CMS uri : http://anchorcms.com/ Version : AnchorCMS = 0.9.1 About the CMS Anchor is a super-simple, lightweigh...
Anchor CMS 0.9.1 - Persistent Cross-Site Scripting
Anchor CMS 0.9.1 - Persistent Cross-Site Scripting Exploit Title : AnchorCMS Stored XSS exploit v0.9.1 Exploit Author: DURAKIBOX / dn5 Website : halisduraki.com Date : 18.7.2013. CMS uri : http://anchorcms.com/ Version : AnchorCMS File : article.php file shows article/post...
b2evolution 4.0.3 - Persistent Cross-Site Scripting
b2evolution 4.0.3 - Persistent Cross-Site Scripting Source: http://packetstormsecurity.org/files/view/99362/b2evolution403-xss.txt Software: b2evolution 4.0.3 Vulnerability: Persistent Cross-site...