43 matches found
WordPress Plugin WP Maintenance Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...
CVE-2024-1472 WP Maintenance <= 6.1.6 - Information Exposure
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...
CVE-2024-1472 WP Maintenance <= 6.1.6 - Information Exposure
The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode obtain post and page content via REST API...
MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection
Description The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated...
WP Maintenance Plugin for WordPress < 6.0.6 Stored Cross-Site Scripting
The WordPress WP Maintenance Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WP Maintenance Plugin for WordPress < 6.0.8 Stored Cross-Site Scripting
The WordPress WP Maintenance Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
CVE-2022-30536
Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...
CVE-2022-30536 WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...
WordPress plugin WP Maintenance 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2022-30536
Authenticated Stored Cross-Site Scripting XSS vulnerability in Florent Maillefaud's WP Maintenance plugin = 6.0.7 at WordPress...
WordPress WP Maintenance plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
Cross site scripting
Authenticated admin+ Stored Cross-Site Scripting XSS in WP Maintenance plugin = 6.0.7 versions...
CVE-2021-36828
CVE-2021-36828 affects the WordPress WP Maintenance plugin, with an authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.0.7. The issue involves multiple inputs not being properly sanitized, enabling XSS by privileged users. Several sources (NVD/NIST, CVE rec...
CVE-2021-36828 WordPress WP Maintenance plugin <= 6.0.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Stored Cross-Site Scripting XSS in WP Maintenance plugin = 6.0.7 versions...
WordPress WP Maintenance plugin <= 6.0.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas Patchstack Alliance in WordPress WP Maintenance plugin versions = 6.0.7. Solution Update the WordPress WP Maintenance plugin to the latest available version at least 6.0.8...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in Countdown,...
CVE-2022-0188 Coming Soon & Maintenance Plugin by NiteoThemes < 4.0.19 - Unauthenticated Arbitrary CSS Update
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout...
WordPress 插件 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of the WordPress Coming soon and Maintenance plugin...
WordPress Maintenance Plugin < 4.03 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
CVE-2021-24533
The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them even when the unfilteredhtml capability is disallowed, which will be triggered in the frontend...