101 matches found
Cross site scripting
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2022-0347 LoginPress < 1.5.12 - Reflected Cross-Site Scripting
The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
CVE-2022-0347
CVE-2022-0347 affects the LoginPress | Custom Login Page Customizer WordPress plugin prior to 1.5.12. The root cause is that the redirect-page parameter is not escaped before being output in an attribute, enabling a Reflected Cross-Site Scripting attack. This can allow an attacker to inject JavaS...
WordPress的LoginPress | Custom Login Page Customizer插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress LoginPress Plugin versions prior to 1.5.12, which ste...
LoginPress < 1.5.12 - Reflected Cross-Site Scripting
The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting...
LoginPress < 1.5.12 - Reflected Cross-Site Scripting
The plugin does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting PoC...
WordPress LoginPress Plugin < 1.1.4 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113514";...
WordPress LoginPress Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.LoginPress is a login page customization plugin used in it. A SQL injection vulnerability exists in WordPress LoginPress plugin version...
WordPress LoginPress Plugin Authorization Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.LoginPress is a login page customization plugin used in it. An authorization issue vulnerability exists in the WordPress LoginPress...
CVE-2019-15872
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
CVE-2019-15872
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
CVE-2019-15871
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...
CVE-2019-15871
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...
Design/Logic Flaw
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...
Sql injection
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
CVE-2019-15871
CVE-2019-15871 affects the WordPress LoginPress plugin prior to version 1.1.4. The root cause is a missing capability check for updates to settings, enabling unauthorized actions related to configuration changes. Public references confirm the issue in/LoginPress plugin and echo the need for a ven...
CVE-2019-15871
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...
CVE-2019-15872
The LoginPress plugin before 1.1.4 for WordPress has SQL injection via an import of settings...
CVE-2019-15872
CVE-2019-15872 affects the WordPress LoginPress plugin prior to version 1.1.4, with a SQL injection via an import of settings. The NVD entry rates CVSSv3 as 9.8 (CRITICAL) and CVSSv2 as 7.5 (HIGH). Multiple sources corroborate: vulnerability in LoginPress
LoginPress <= 1.1.15 - Authenticated Blind SQL Injection
Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site including subscriber profiles. 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused...