3948 matches found

NVD
added 2022/12/30 12:15 p.m. · 18 views

CVE-2022-4859

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument...

CVSS 6.1 · EPSS 0.00499
Exploits: 0 · References: 4

Prion
added 2022/12/30 12:15 p.m. · 18 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument...

CVSS 5.8 · AI score 6.1 · EPSS 0.00499
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2022/12/30 11:38 a.m. · 20 views

CVE-2022-4859 Joget User Profile Menu UserProfileMenu.java submitForm cross site scripting

A vulnerability, which was classified as problematic, has been found in Joget up to 7.0.33. This issue affects the function submitForm of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UserProfileMenu.java of the component User Profile Menu. The manipulation of the argument...

CVSS 4 · AI score 6.2 · EPSS 0.00499
Exploits: 0 · References: 4

CNNVD
added 2022/12/30 12:00 a.m. · 2 views

Joget cross-site scripting vulnerability

Joget is an open source no-code/low-code application platform from Joget Open Source, for faster and simpler digital conversion (DX). Joget versions prior to 7.0.34 have a cross-site scripting vulnerability; the vulnerability stems from the file...

CVSS 6.1 · AI score 4.3 · EPSS 0.00499
Exploits: 0 · References: 5

Positive Technologies
added 2022/12/30 12:00 a.m. · 5 views

PT-2022-28145 · Joget · Joget

Name of the Vulnerable Software and Affected Versions: Joget versions up to 7.0.33 Description: A problematic issue has been found in Joget, affecting the submitForm function of the UserProfileMenu component. The manipulation of the firstName/lastName arguments leads to cross-site scripting. The...

CVSS 6.1 · AI score 4.3 · EPSS 0.00499
Exploits: 0 · References: 10

Positive Technologies
added 2022/12/28 12:00 a.m. · 2 views

PT-2022-11744 · Unknown · Gnuboard Youngcart5

Name of the Vulnerable Software and Affected Versions: gnuboard youngcart5 versions up to 5.4.5.1 Description: A vulnerability has been found in gnuboard youngcart5, where the manipulation of the argument me link in the file adm/menu list update.php leads to cross site scripting. This issue can b...

CVSS 6.1 · AI score 4.2 · EPSS 0.00505
Exploits: 0 · References: 8

wpexploit
added 2022/12/28 12:00 a.m. · 487 views

ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 1 · EPSS 0.00471
Exploits: 2

WPVulnDB
added 2022/12/27 12:00 a.m. · 16 views

Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...

CVSS 5.4 · AI score 1.8 · EPSS 0.00534
Exploits: 2 · Affected Software: 1

wpexploit
added 2022/12/27 12:00 a.m. · 464 views

Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS 5.4 · AI score 0.8 · EPSS 0.00534
Exploits: 2

OSV
added 2022/12/26 1:15 p.m. · 1 views

CVE-2021-24942

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

CVSS 7.2 · AI score 6 · EPSS 0.01225
Exploits: 2 · References: 1

NVD
added 2022/12/26 1:15 p.m. · 12 views

CVE-2021-24942

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

CVSS 7.2 · EPSS 0.01225
Exploits: 2 · References: 1

Prion
added 2022/12/26 1:15 p.m. · 13 views

Code injection

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

CVSS 5.8 · AI score 7.2 · EPSS 0.01225
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2022/12/26 12:28 p.m. · 18 views

CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

AI score 7.5 · EPSS 0.01225
Exploits: 2 · References: 1

CVE
added 2022/12/26 12:28 p.m. · 72 views

CVE-2021-24942

The CVE-2021-24942 issue affects the WordPress plugin Menu Item Visibility Control, versions 0.5 and earlier. The underlying problem is that the plugin does not sanitize and validate the Visibility logic option for WordPress menu items, which can allow highly privileged users (Admin+) to execute ...

CVSS 7.2 · AI score 7.2 · EPSS 0.01225
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2022/12/26 12:28 p.m. · 8 views

CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...

AI score 7.3 · EPSS 0.01225
Exploits: 2 · References: 1

CNNVD
added 2022/12/26 12:00 a.m. · 4 views

WordPress plugin Menu Item Visibility Control security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Menu...

CVSS 7.2 · AI score 7.4 · EPSS 0.01225
Exploits: 2 · References: 2

Positive Technologies
added 2022/12/26 12:00 a.m. · 6 views

PT-2022-9519 · WordPress · Menu Item Visibility Control

Name of the Vulnerable Software and Affected Versions: Menu Item Visibility Control WordPress plugin versions 0.5 and earlier Description: The issue concerns the Menu Item Visibility Control WordPress plugin, which fails to properly sanitize and validate the Visibility logic option for WordPress...

CVSS 7.2 · AI score 7.2 · EPSS 0.01225
Exploits: 2 · References: 4

NVD
added 2022/11/29 9:15 p.m. · 19 views

CVE-2022-3898

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

CVSS 8.8 · EPSS 0.0042
Exploits: 0 · References: 3

Prion
added 2022/11/29 9:15 p.m. · 12 views

Cross site request forgery (csrf)

The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...

CVSS 4.3 · AI score 6.2 · EPSS 0.0042
Exploits: 0 · References: 2 · Affected Software: 1

wpexploit
added 2022/11/29 12:00 a.m. · 121 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...

CVSS 7.2 · AI score 1.3 · EPSS 0.01225
Exploits: 2