Lucene search
K

77 matches found

OpenVAS
OpenVAS
added 2023/08/11 12:0 a.m.13 views

WordPress Appointment Hour Booking Plugin < 1.3.16 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dwbooster:appointmenthourbooking"; ifdescription...

4.8CVSS5.3AI score0.00598EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/03/20 12:0 a.m.80 views

Simple Giveaways < 2.45.1 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Login with admin user and navigate to "Giveaways...

4.8CVSS5.3AI score0.00442EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/01/17 12:0 a.m.23 views

Calculated Fields Form < 1.1.151 - Admin+ Stored Cross-Site Scripting via Dropdown Fields

The plugin does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Partial fixes were implemented in versions...

3AI score0.00473EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/23 12:0 a.m.26 views

ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting via Form Settings

The plugin does not sanitize and escape several form fields before outputting them to pages on the site, allowing authenticated admin+ users to inject arbitrary web scripts even when unfiltered html has been disabled such as in a multisite setup...

5.5CVSS1.8AI score0.00634EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/10/25 5:15 p.m.2 views

CVE-2022-3350

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.8AI score0.00489EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/10/25 12:0 a.m.21 views

CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00489EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/25 12:0 a.m.5 views

WordPress plugin Contact Bank 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00489EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/09/29 12:0 a.m.25 views

Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC Create/edit a form and put the following...

4.8CVSS0.7AI score0.00489EPSS
Exploits2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/19 2:15 p.m.4 views

CVE-2022-2567

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.005EPSS
Exploits2References2
CNVD
CNVD
added 2022/03/31 12:0 a.m.21 views

Wordpress Plugin Ivory Search Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists in versio...

3.5CVSS4.8AI score0.00598EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/02/07 4:15 p.m.4 views

CVE-2021-25105

The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
Prion
Prion
added 2022/02/07 4:15 p.m.21 views

Cross site scripting

The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/06 12:0 a.m.19 views

Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting

The plugin does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Create a new Calendar Appointment Hour Booking Add new Put the following payload in the Form...

4.8CVSS0.4AI score0.00598EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2020/03/10 12:0 a.m.5 views

WordPress RegistrationMagic elevation of privilege vulnerability (CNVD-2020-16636)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.RegistrationMagic is a user registration plugin used in it. A security vulnerability exists in WordPress RegistrationMagic 4.6.0.3 and...

8.8CVSS6.7AI score0.02533EPSS
Exploits1References1
OSV
OSV
added 2020/03/06 7:15 p.m.3 views

CVE-2020-9457

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

8.8CVSS7.3AI score0.02533EPSS
Exploits1References3
Prion
Prion
added 2020/03/06 7:15 p.m.13 views

Privilege escalation

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users with minimal privileges to import custom vulnerable forms and change form settings via classrmformsettingscontroller.php, resulting in privilege escalation...

6.5CVSS8.3AI score0.02533EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/03/06 6:56 p.m.119 views

CVE-2020-9457

CVE-2020-9457 affects the WordPress plugin RegistrationMagic up to version 4.6.0.3. A remote authenticated user with minimal privileges can exploit via the file class_rm_form_settings_controller.php to import vulnerable custom forms and modify form settings, resulting in privilege escalation (adm...

8.8CVSS8.3AI score0.02533EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder