115 matches found
CVE-2022-3941
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...
Design/Logic Flaw
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...
CVE-2022-3941 Activity Log Plugin HTTP Header neutralization for logs
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...
CVE-2022-3941
The CVE-2022-3941 entry describes a vulnerability in the Activity Log Plugin’s HTTP Header Handler, where manipulating the X-Forwarded-For argument causes improper output neutralization in logs. Affected component: HTTP Header Handler within the WordPress Activity Log Plugin. Impact as stated: re...
WordPress plugin Activity Log 注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2017-20056
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...
Cross site scripting
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...
CVE-2017-20056 weblizar User Login Log Plugin Stored cross site scriting
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...
CVE-2017-20056
The CVE-2017-20056 entry concerns the WordPress plugin WebLizar User Login Log Plugin version 2.2.1, with a stored cross-site scripting (XSS) vulnerability in an unspecified function. The issue can be exploited remotely and the exploit has been disclosed publicly. The connected documents confirm ...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WP System Log plugin is a WordPress open source application plugin. WordPress WP System Log plugin in versions pri...
WordPress Email Log plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...
CVE-2021-24924
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue...
WordPress 插件跨站脚本漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...
WordPress Email Log plugin SQL injection vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Email Log plugin prior to version 2.4.7, which originate...
CVE-2021-24758
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...
Email Log < 2.4.8 - Reflected Cross-Site Scripting
The plugin does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=email-log="+style=animation-name:rotation+onanimationstart=alert/XSS///...
WordPress link-log plugin injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. link-log is a plugin used to store a log of external link clicks. An injection vulnerability exists in WordPress link-log plugin...
WordPress link-log plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. link-log is a plugin used to store a log of external link clicks. A SQL injection vulnerability exists in WordPress link-log plugin...
CVE-2015-9345
The link-log plugin before 2.0 for WordPress has HTTP Response Splitting...
CVE-2015-9344
The link-log plugin before 2.1 for WordPress has SQL injection...