29 matches found
CVE-2024-11382 Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output...
CVE-2024-11382
CVE-2024-11382 – Common Ninja WordPress widget plugin : The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin is vulnerable to Stored Cross-Site Scripting via the plugin shortcode commonninja in all versions up to 1.1.0. The issue arises from insuf...
WordPress plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera 跨站脚本漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that allows you to set up a personal blog site on a PHP and MySQL server. WordPress plugin Website remote Install vor Gravity, WPForms,...
WordPress Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera plugin <= 4.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera versions = 4.0...
CVE-2014-4550
Cross-site scripting XSS vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter...
CVE-2014-4550
CVE-2014-4550 is a cross-site scripting vulnerability in the WordPress plugin Shortcode Ninja up to version 1.4 (and earlier) in the file preview-shortcode-external.php . The root cause is insufficient validation/escaping of the shortcode parameter, allowing remote attackers to inject arbitrary s...
CVE-2014-4017
Cross-site scripting XSS vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...
CVE-2014-4017
CVE-2014-4017 is a cross-site scripting (XSS) vulnerability in the WordPress plugin Conversion Ninja . The flaw allows remote attackers to inject arbitrary script or HTML by supplying a crafted value to the id parameter of lp/index.php . Multiple connected sources confirm this is an XSS issue in ...
WordPress Conversion Ninja 'id' Parameter Cross Site Scripting Vulnerability
WordPress Conversion Ninja Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...