49 matches found
Sql injection
A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwidclass.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to versio...
CVE-2015-10100
CVE-2015-10100 affects Dynamic Widgets Plugin for WordPress (versions up to 1.5.10). The vulnerability stems from SQL injection in the file classes/dynwid_class.php (or dynwid_class.php in related docs), enabling remote exploitation with no user interaction. Upgrading to version 1.5.11 addresses ...
WordPress plugin Dynamic Widgets SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
PT-2023-10279 · WordPress · Dynamic Widgets Plugin
Name of the Vulnerable Software and Affected Versions: Dynamic Widgets Plugin versions 1.5.10 and earlier Description: A critical issue has been found in the Dynamic Widgets Plugin, affecting some unknown processing of the file classes/dynwid class.php. The manipulation leads to sql injection. Th...
WordPress Dynamic Widgets plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...
CVE-2021-24933
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24933
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
Cross site scripting
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24933 Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...
WordPress Dynamic Widgets plugin <= 1.5.16 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Dynamic Widgets plugin versions = 1.5.16. Solution Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...
Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...
Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting
The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue PoC...
WordPress dynamic-widgets plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. dynamic-widgets is a dynamic widget management plugin used in it. A cross-site request forgery vulnerability exists in WordPress...
WordPress dynamic-widgets plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. dynamic-widgets is a dynamic widget management plugin used in it. A cross-site scripting vulnerability exists in WordPress...
Design/Logic Flaw
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...
Cross site request forgery (csrf)
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config pagelimit parameter...
CVE-2015-9437
The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config pagelimit parameter...
CVE-2015-9437
The CVE refers to the WordPress Dynamic Widgets plugin, affected versions prior to 1.5.11. The issue is a CSRF that can lead to a stored/XSS outcome via the wp-admin/themes.php?page=dynwid-config page_limit parameter. Several connected sources confirm that this vulnerability concerns Dynamic Widg...
CVE-2015-9436
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...