3443 matches found
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from the WpGenius Job Listing plugin being susceptible to stored cross-site scripting attacks due to insufficient input validation and cleanup. Th...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin is vulnerable to a cross-site scripting vulnerability that arises from insufficient input validation and cleanup in the Job Board Vanila plugin via the psjbexpin and psjbcurrin parameters in the...
CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...
WordPress Access Control Error Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress SendGrid plugin version 1.11.8 and earlier is vulnerable to an access control error, which stems fro...
VulnCheck KEV: CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...
CVE-2021-24366 Admin Columns Free < 4.3 & Pro < 5.5.1 - Admin+ Stored XSS in Label
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
Insecure Spam Embeds
WordPress allows for insecure spam embeds. It does not properly disable spam embeds from deleted/archived/spam sites on a multisite network...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
DEBIAN-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
Design/Logic Flaw
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
UBUNTU-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress CVE-2020-28033 affects WordPress before 5.5.2 on multisite networks. The vulnerability stems from how embeds from disabled sites are handled, allowing a spam embed to be processed. Connected sources confirm WordPress 5.5.2 addressed this issue by hardening or disabling spam embeds on mu...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
WordPress < 5.5.2 - Disable Spam Embeds from Disabled Sites on a Multisite Network
Description The release notes state: "Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network."...
WordPress <= 5.5.1 - Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability
Mishandling Embeds From Disabled Sites On a Multisite Network vulnerability found by David Binovec in WordPress versions <= 5.5.1. Solution: Update WordPress to the latest available version, at least 5.5.2...
PT-2020-5742 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The proble...
Malicious Package
Overview capdrupal-multisite is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Exploit Title: Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting Date: 2020-02-18 Vendor Homepage: https://wpforms.com Vendor Changelog: https://wordpress.org/plugins/wpforms-lite/developers Exploit Author: Jinson...