Lucene search
K

115 matches found

ATTACKERKB
ATTACKERKB
added 2022/11/11 7:15 a.m.4 views

CVE-2022-3941

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...

5.3CVSS5.6AI score0.00685EPSS
Exploits1References4
Prion
Prion
added 2022/11/11 7:15 a.m.24 views

Design/Logic Flaw

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...

5CVSS5.5AI score0.00685EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/11 12:0 a.m.27 views

CVE-2022-3941 Activity Log Plugin HTTP Header neutralization for logs

A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely...

5.3CVSS5.8AI score0.00685EPSS
Exploits1References3
CVE
CVE
added 2022/11/11 12:0 a.m.54 views

CVE-2022-3941

The CVE-2022-3941 entry describes a vulnerability in the Activity Log Plugin’s HTTP Header Handler, where manipulating the X-Forwarded-For argument causes improper output neutralization in logs. Affected component: HTTP Header Handler within the WordPress Activity Log Plugin. Impact as stated: re...

5.3CVSS5.5AI score0.00685EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/11/08 12:0 a.m.3 views

WordPress plugin Activity Log 注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

9.8CVSS8.4AI score0.00804EPSS
Exploits0References3
NVD
NVD
added 2022/06/16 1:15 p.m.17 views

CVE-2017-20056

A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

5.4CVSS0.00776EPSS
Exploits1References3
Prion
Prion
added 2022/06/16 1:15 p.m.11 views

Cross site scripting

A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

3.5CVSS5.3AI score0.00776EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/06/16 12:20 p.m.16 views

CVE-2017-20056 weblizar User Login Log Plugin Stored cross site scriting

A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting Stored. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

3.5CVSS5.4AI score0.00776EPSS
Exploits1References3
CVE
CVE
added 2022/06/16 12:20 p.m.44 views

CVE-2017-20056

The CVE-2017-20056 entry concerns the WordPress plugin WebLizar User Login Log Plugin version 2.2.1, with a stored cross-site scripting (XSS) vulnerability in an unspecified function. The issue can be exploited remotely and the exploit has been disclosed publicly. The connected documents confirm ...

5.4CVSS4.5AI score0.00776EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.2 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WP System Log plugin is a WordPress open source application plugin. WordPress WP System Log plugin in versions pri...

6.1CVSS5.7AI score0.01322EPSS
Exploits2References2
CNVD
CNVD
added 2021/12/09 12:0 a.m.16 views

WordPress Email Log plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...

6.1CVSS2.2AI score0.008EPSS
Exploits2References1
OSV
OSV
added 2021/12/06 4:15 p.m.3 views

CVE-2021-24924

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.4AI score
Exploits0References1
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.2 views

WordPress 插件跨站脚本漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Email Log plugin has a cross-site scripting vulnerability in versions prior to 2.4.8, which stems from a lack of...

6.1CVSS5.6AI score0.008EPSS
Exploits2References1
CNVD
CNVD
added 2021/11/21 12:0 a.m.4 views

WordPress Email Log plugin SQL injection vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Email Log plugin prior to version 2.4.7, which originate...

8.8CVSS7.9AI score0.01292EPSS
Exploits2References1
OSV
OSV
added 2021/11/17 11:15 a.m.5 views

CVE-2021-24758

The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...

8.8CVSS5.8AI score0.01292EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/11/08 12:0 a.m.11 views

Email Log < 2.4.8 - Reflected Cross-Site Scripting

The plugin does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php?page=email-log="+style=animation-name:rotation+onanimationstart=alert/XSS///...

6.1CVSS5.7AI score0.008EPSS
Exploits2Affected Software1
CNVD
CNVD
added 2019/08/29 12:0 a.m.3 views

WordPress link-log plugin injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. link-log is a plugin used to store a log of external link clicks. An injection vulnerability exists in WordPress link-log plugin...

7.5CVSS7.1AI score0.01389EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/29 12:0 a.m.0 views

WordPress link-log plugin SQL injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. link-log is a plugin used to store a log of external link clicks. A SQL injection vulnerability exists in WordPress link-log plugin...

9.8CVSS8AI score0.01795EPSS
Exploits0References1
NVD
NVD
added 2019/08/27 12:15 p.m.17 views

CVE-2015-9345

The link-log plugin before 2.0 for WordPress has HTTP Response Splitting...

7.5CVSS7.7AI score0.01389EPSS
Exploits0References1
NVD
NVD
added 2019/08/27 12:15 p.m.13 views

CVE-2015-9344

The link-log plugin before 2.1 for WordPress has SQL injection...

9.8CVSS10AI score0.01795EPSS
Exploits0References1
Rows per page
Query Builder