52 matches found
EUVD-2021-11281
Malware in sbrugna...
CVE-2025-5084
The Post Grid Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘argsArray'readmoretext'’ parameter in all versions up to, and including, 3.4.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress QR Master plugin <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin QR Master versions <= 1.0.5...
CVE-2024-13369
The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘reviewid’ parameter in all versions up to, and including, 5.3.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13369
The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘reviewid’ parameter in all versions up to, and including, 5.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2024-13369
CVE-2024-13369 affects the WordPress plugin Tour Master - Tour Booking, Travel, Hotel. It is a time-based SQL Injection via the parameter review_id in all versions up to 5.3.6. Exploitation requires authentication at Subscriber+ level and can be used to extract data from the database. The issue ...
WordPress plugin Tour Master SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2020-35951
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurre...
WordPress Photo Video Gallery Master plugin <= 1.5.3 - Authenticated PHP Object Injection vulnerability
Authenticated PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Photo Video Gallery Master versions <= 1.5.3...
CVE-2023-47834 WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions...
CVE-2023-0292
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...
CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion
The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...
WordPress sites backdoored with ad fraud plugin
WordPress is an immensely popular content management system (CMS) powering over 43% of all websites. Many webmasters will monetize their sites by running ads and need to draw particular attention to search engine optimization (SEO) techniques to maximize their revenues. But some people will take a...
WordPress Plugin ExpressTech Quiz And Survey Master cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2022-4032
The CVE-2022-4032 entry concerns the WordPress plugin Quiz and Survey Master. Affected versions are up to and including 8.0.4. The root cause is insufficient input sanitization and output escaping for the question[id] parameter, allowing unauthenticated attackers to inject iframe tags into pages....
CVE-2022-40698
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress...
CVE-2022-42883
CVE-2022-42883 describes a sensitive information disclosure in the WordPress plugin Quiz And Survey Master for versions prior to 7.3.11 (up to 7.3.10). The vulnerability affects the plugin’s handling of data and could reveal sensitive information. The practical impact and exact root cause are not...
CVE-2022-41652
Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress...
CVE-2022-41652
CVE-2022-41652 affects the WordPress Quiz And Survey Master plugin up to version 7.3.10, described as a bypass vulnerability. Public sources consistently refer to a bypass of security controls in this plugin version. Impact details in the connected records indicate potential effects on confidenti...