WordPress Newsletter plugin unsafe deserialization vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. An insecure deserialization vulnerability exists in the Newsletter plugin in WordPress versions prior to 6.8.2. An authenticated remote attacker can exploit this vulnerability to inject arbitrar...

CVE-2020-35932

Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges such as subscribers to use the tpncrender AJAX action to inject arbitrary PHP objects via the optionsinlineedits parameter. NOTE: exploitability depends on PH...

WordPress Newsletter plugin 代码问题漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. An insecure deserialization vulnerability exists in the Newsletter plugin in WordPress versions prior to 6.8.2. An authenticated remote attacker can exploit this vulnerability to inject arbitrar...

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2015-00060)

phpMyAdmin is an online management tool for MySQL databases. Its main functions include creating data tables online, running SQL statements, searching and querying data, and importing and exporting data. Multiple cross-site scripting vulnerabilities in phpMyAdmin version 3.4.x before 3.4.5 allow...

DEBIAN-CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...