77 matches found
WordPress Appointment Hour Booking Plugin < 1.3.16 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dwbooster:appointmenthourbooking"; ifdescription...
Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with admin user and navigate to "Giveaways...
Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields
The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Partial fixes were implemented in versions...
ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting via Form Settings
The plugin does not sanitize and escape several form fields before outputting them to pages on the site, allowing authenticated admin+ users to inject arbitrary web scripts even when unfiltered html has been disabled such as in a multisite setup...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Contact Bank 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...
CVE-2022-2567
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Wordpress Plugin Ivory Search Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in versio...
CVE-2021-25105
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Cross site scripting
The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a new Calendar Appointment Hour Booking Add new Put the following payload in the Form...
WordPress RegistrationMagic elevation of privilege vulnerability (CNVD-2020-16636)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.RegistrationMagic is a user registration plugin used in it. A security vulnerability exists in WordPress RegistrationMagic 4.6.0.3 and...
CVE-2020-9457
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...
Privilege escalation
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...
CVE-2020-9457
CVE-2020-9457 affects the WordPress plugin RegistrationMagic up to version 4.6.0.3. A remote authenticated user with minimal privileges can exploit via the file class_rm_form_settings_controller.php to import vulnerable custom forms and modify form settings, resulting in privilege escalation (adm...