104 matches found
GHSA-GPQ5-VQVX-CH9J WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionenabledlanguagesen or wpglobusoptionenabledlanguagesfr or any other language parameter to wp-admin/options.php...
GHSA-35MH-F6P8-PJ2C WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionmorelanguages parameter to wp-admin/options.php...
GHSA-QF99-3QRG-G97Q WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepost parameter to wp-admin/options.php...
WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57819)
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the options.php file not validating the values of 'WEBTITLE, HOMEURL', '...
CVE-2021-24917
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php...
PT-2021-16366 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.1. Description: The issue allows an unauthenticated user to discover the secret login page by setting a random referer string and making a request to /wp-admin/options.php. This can be...
Cross-site Scripting (XSS)
ZoneMinder is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation in the 'options' view (options.php) for the WEBTITLE, HOMEURL, HOMECONTENT, or WEBCONSOLEBANNER value...
CVE-2021-24404
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and in the same function the vulnerable parameter is passed twice so ...
SQL injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and in the same function the vulnerable parameter is passed twice so ...
CVE-2021-24404 WP-Board <= 1.1 (beta) - Unauthenticated SQL Injection
The options.php file of the WP-Board WordPress plugin through 1.1 beta accepts a postid parameter which is not sanitised, escaped or validated before being inserted into a SQL statement, leading to SQL injection. This is a time-based SQLi, and in the same function the vulnerable parameter is passed twice so ...
Advance Search < 1.1.3 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the wpasid parameter found in the /inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts...
CVE-2021-24497
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $postid on the options.php page...
SQL injection
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $postid on the options.php page...
CVE-2021-24497 Giveaway <= 1.2.2 - Authenticated SQL Injection
The Giveaway WordPress plugin through 1.2.2 is vulnerable to an SQL Injection issue which allows an administrative user to execute arbitrary SQL commands via the $postid on the options.php page...
CVE-2021-24497
The CVE-2021-24497 entry concerns the WordPress Giveaway plugin, affected up to version 1.2.2. It describes an authenticated SQL Injection vulnerability that allows an administrative user to execute arbitrary SQL via the options.php page parameter post_id. Public sources (WPScan/WPVulnDB) provide...
CVE-2021-21804
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...
Advantech R-SeeNet options.php local file inclusion (LFI) vulnerability
Summary: A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability. Tested...
CVE-2019-17229
includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress has multiple stored XSS issues...