41 matches found
EUVD-2022-55976
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
CVE-2022-50955
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
CVE-2022-50955
CVE-2022-50955 affects the WordPress plugin Curtain 1.0.2. The issue is a cross-site request forgery (CSRF) that lets attackers toggle maintenance mode by crafting requests to options-general.php with curtain parameters, bypassing valid nonce validation. Impact is the ability to activate/deactiva...
CVE-2015-9424
The multicons plugin before 3.0 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=multicons%2Fmulticons.php globalurl or adminurl parameter...
March 5, 2024, update for Office 2016 (KB5002466)
This article describes update 5002466 for Microsoft Office 2016 that was released on March 5, 2024. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer .msi-based edition of Office 2016. It doesn't apply to th...
PT-2023-25519 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: typecho version 1.2.1. Description: A File Upload issue allows a remote attacker to execute arbitrary code via the upload and options-general parameters in "index.php". Recommendations: For typecho version 1.2.1, as a temporary workaround,...
typecho Code Issue Vulnerability
typecho is a PHP blogging platform for individual developers. It is simple and powerful. A security vulnerability exists in typecho version 1.2.1, which stems from a file upload vulnerability that allows an attacker to execute arbitrary code via the upload and options-general parameters...
CVE-2017-20108
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "alert1 leads to basic cross site scripting. It is possible to initiate the attack remotely...
WordPress plugin Easy Table cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS
Due to missing checks the plugin is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings...
UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the updraftrestore parameter before outputting it back in the Restore page, leading to a Reflected Cross-Site Scripting...
WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Plugin Alipay, which stems from the product...
CVE-2015-9497
The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php...
CVE-2015-9387
The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF...
CVE-2017-18521
The democracy-poll plugin before 5.4 for WordPress has CSRF via wp-admin/options-general.php?page=democracy-poll&subpage=l10n...
CVE-2019-9908
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php managefontid XSS...
WordPress WP HTML Sitemap plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up personal blog sites on servers with PHP and MySQL. WP HTML Sitemap is a plugin that adds an HTML sitemap to a page by entering a shortcode. A...
WordPress flickrRSS plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up personal blog sites on servers with PHP and MySQL. flickrRSS is one of its plugins, used to display images. A cross-site scripting vulnerability exists in th...
WordPress flickrRSS plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up personal blog sites on servers with PHP and MySQL. flickrRSS is one of its plugins, used to display images. A cross-site request forgery vulnerability exists...
WordPress flickrRSS plugin cross-site scripting vulnerability (CNVD-2018-05367)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up personal blog sites on servers with PHP and MySQL. flickrRSS is one of its plugins, used to display images. A cross-site scripting vulnerability exists in th...