976 matches found
WordPress Plugin Easy Testimonials Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-12509 · WordPress · Staff Directory Plugin
Name of the Vulnerable Software and Affected Versions: Staff Directory Plugin versions up to, and including, 3.6. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticated attackers to...
PT-2023-11889 · WordPress · Easy Testimonials
Name of the Vulnerable Software and Affected Versions: Easy Testimonials plugin for WordPress versions up to and including 3.6.1. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticat...
CVE-2023-33213
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions...
CVE-2023-33213 WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions...
CVE-2023-33213
CVE-2023-33213 concerns the WordPress plugin Display Custom Fields – wpView. Affected software: wpView plugin versions up to and including 1.3.0. The vulnerability is a Stored Cross-Site Scripting (XSS) issue, with exploitation requiring Administrator privileges. The connected documents provide ...
WordPress Plugin gVectors Display Custom Fields – wpView Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially makes it possible for...
PT-2023-11869 · Unknown · Newsletter Manager
Name of the Vulnerable Software and Affected Versions: Newsletter Manager versions up to, and including, 1.5.1. Description: The issue is related to insecure deserialization. This is caused by unsanitized input from the customFieldsDetails parameter being passed through a deserialization function,...
HikaShop Joomla Plugin, , SQL Injection
anyone with access to the order management in the backend of HikaShop to be able to use a MySQL injection to extract data from the database. "payment methods" restriction setting to custom fields of the "order" table in HikaShop 4.4.1, so prior versions of HikaShop are not impacted...
CVE-2022-47157
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions...
CVE-2022-47157 WordPress WP Custom Fields Search Plugin <= 1.2.34 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions...
CVE-2022-47157
CVE-2022-47157 concerns the WordPress plugin WP Custom Fields Search (Don Benjamin) up to version 1.2.34. The vulnerability is a stored XSS caused by insufficient sanitization/escaping in plugin settings, exploitable by users with admin privileges (administrator+). Impact is stored script injecti...
WordPress Plugin WP Custom Fields Search Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Advanced Custom Fields for WordPress < 5.12.6 Cross-Site Scripting
The WordPress Advanced Custom Fields Plugin installed on the remote host is affected by a Cross-Site Scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
XSS Vulnerability in Popular WordPress Plugin Affects 2 Million Sites
Threat Level Vulnerability Report. Summary: A Cross-Site Scripting vulnerability has been discovered in an Advanced Custom Fields plugin for WordPress which has put 2 Million websites at risk.
VulnCheck KEV: CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions...
CVE-2023-30777
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions...