Lucene search
+L

49 matches found

prion
prion
added 2023/04/10 6:15 p.m.18 views

Sql injection

A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10 on WordPress. This issue affects some unknown processing of the file classes/dynwidclass.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to versio...

7.5CVSS7.8AI score0.01054EPSS
Exploits0References4Affected Software1
cve
cve
added 2023/04/10 6:0 p.m.37 views

CVE-2015-10100

CVE-2015-10100 affects Dynamic Widgets Plugin for WordPress (versions up to 1.5.10). The vulnerability stems from SQL injection in the file classes/dynwid_class.php (or dynwid_class.php in related docs), enabling remote exploitation with no user interaction. Upgrading to version 1.5.11 addresses ...

9.8CVSS9.8AI score0.01054EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2023/04/10 12:0 a.m.10 views

WordPress plugin Dynamic Widgets SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

9.8CVSS7.9AI score0.01054EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2023/04/10 12:0 a.m.8 views

PT-2023-10279 · WordPress · Dynamic Widgets Plugin

Name of the Vulnerable Software and Affected Versions: Dynamic Widgets Plugin versions 1.5.10 and earlier Description: A critical issue has been found in the Dynamic Widgets Plugin, affecting some unknown processing of the file classes/dynwid class.php. The manipulation leads to sql injection. Th...

9.8CVSS7AI score0.01054EPSS
Exploits0References8
cnvd
cnvd
added 2022/03/02 12:0 a.m.25 views

WordPress Dynamic Widgets plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...

5.4CVSS5.2AI score0.00591EPSS
Exploits2References1
osv
osv
added 2022/02/28 9:15 a.m.3 views

CVE-2021-24933

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...

5.4CVSS6.1AI score0.00591EPSS
Exploits2References1
nvd
nvd
added 2022/02/28 9:15 a.m.23 views

CVE-2021-24933

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...

5.4CVSS0.00591EPSS
Exploits2References1
prion
prion
added 2022/02/28 9:15 a.m.14 views

Cross site scripting

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...

3.5CVSS5.3AI score0.00591EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/02/28 9:6 a.m.20 views

CVE-2021-24933 Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The Dynamic Widgets WordPress plugin through 1.5.16 does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue...

5.6AI score0.00591EPSS
Exploits2References1
cnnvd
cnnvd
added 2022/02/28 12:0 a.m.3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Dynamic Widgets plugin prior to version 1.5.16,...

5.4CVSS5.6AI score0.00591EPSS
Exploits2References2
patchstack
patchstack
added 2022/01/26 12:0 a.m.29 views

WordPress Dynamic Widgets plugin <= 1.5.16 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Dynamic Widgets plugin versions = 1.5.16. Solution Deactivate and delete. This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review...

5.4CVSS2.9AI score0.00591EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/12/28 12:0 a.m.121 views

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue var form1 = document.getElementById'hack'; form1.submit;...

5.3AI score0.00591EPSS
Exploits2
wpvulndb
wpvulndb
added 2021/12/28 12:0 a.m.18 views

Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting

The plugin does not escape the prefix parameter before outputting it back in an attribute when using the termtree AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting issue PoC...

2AI score0.00591EPSS
Exploits2Affected Software1
cnvd
cnvd
added 2019/10/11 12:0 a.m.5 views

WordPress dynamic-widgets plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. dynamic-widgets is a dynamic widget management plugin used in it. A cross-site request forgery vulnerability exists in WordPress...

6.5CVSS6.7AI score0.00881EPSS
Exploits1References1
cnvd
cnvd
added 2019/10/11 12:0 a.m.4 views

WordPress dynamic-widgets plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. dynamic-widgets is a dynamic widget management plugin used in it. A cross-site scripting vulnerability exists in WordPress...

5.4CVSS6.2AI score0.01044EPSS
Exploits1References1
prion
prion
added 2019/09/26 2:15 a.m.14 views

Design/Logic Flaw

The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...

3.5CVSS6.1AI score0.01044EPSS
Exploits1References3Affected Software1
prion
prion
added 2019/09/26 2:15 a.m.19 views

Cross site request forgery (csrf)

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config pagelimit parameter...

4.3CVSS6.2AI score0.00881EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2019/09/26 1:18 a.m.22 views

CVE-2015-9437

The dynamic-widgets plugin before 1.5.11 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=dynwid-config pagelimit parameter...

6.3AI score0.00881EPSS
Exploits1References3
cve
cve
added 2019/09/26 1:18 a.m.141 views

CVE-2015-9437

The CVE refers to the WordPress Dynamic Widgets plugin, affected versions prior to 1.5.11. The issue is a CSRF that can lead to a stored/XSS outcome via the wp-admin/themes.php?page=dynwid-config page_limit parameter. Several connected sources confirm that this vulnerability concerns Dynamic Widg...

6.5CVSS6.2AI score0.00881EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2019/09/26 1:15 a.m.16 views

CVE-2015-9436

The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php?action=termtree prefix or widgetid parameter...

5.4AI score0.01044EPSS
Exploits1References3
Rows per page
Query Builder