559 matches found
CVE-2021-24134
The CVE affects the WordPress plugin Constant Contact Forms
CVE-2021-24136 Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location ...
CVE-2021-24135 WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML...
CVE-2021-24135
CVE-2021-24135 affects the WP Customer Reviews WordPress plugin (versions before 3.4.3). The vulnerability is due to unvalidated input and lack of output encoding, leading to Stored Cross-Site Scripting (XSS) where an attacker can inject arbitrary JavaScript/HTML. Public details in the provided d...
CVE-2021-24128 Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-Site Scripting vulnerabilities allowing a medium-privileged authenticated attacker (Contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member...
CVE-2021-24124 WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, lead to an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability when the CAPTCHA page is shown, which could lead to privilege escalation...
CVE-2021-24128
WordPress Team Members plugin vulnerability CVE-2021-24128 affects versions before 5.0.4. The issue is unvalidated input and lack of output encoding in the Description/biography field, enabling an authenticated, medium-privileged attacker (contributor+) to inject arbitrary web script or HTML (sto...
CVE-2021-24126
The CVE-2021-24126 entry concerns the Envira Gallery Lite WordPress plugin (versions before 1.8.3.3). The issue arises from unvalidated input and a lack of output encoding when sanitising image metadata (specifically the title) before it is rendered in the generated gallery. This handling is desc...
CVE-2021-24124
Affected software: WordPress WP Shieldon plugin (versions 1.6.3 and below). Vulnerability: Unauthenticated Reflected Cross-Site Scripting caused by unvalidated input and lack of output encoding on the CAPTCHA page, due to $_SERVER['REQUEST_URI'] being echoed without encoding. Impact: could lead t...
CVE-2021-24129 Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Pan...
WordPress Constant Contact Forms Cross-Site Scripting Vulnerability
Constant Contact Forms is an open-source WordPress application plugin. It allows websites to capture visitor information directly and easily. A cross-site scripting vulnerability exists in versions of the Constant Contact Forms WordPress plugin prior to 1.8.8. The vulnerability stems fr...
WordPress Themify Portfolio Post Cross-Site Scripting Vulnerability
Themify Portfolio Post is an open-source WordPress application plugin. It provides a neat layout for displaying project information. A cross-site scripting vulnerability exists in Themify Portfolio Post WordPress plugin versions prior to 1.1.6. The vulnerability stems from the progra...
WordPress Team Members Cross-Site Scripting Vulnerability
Team Members is an open-source WordPress application plugin. It provides functionality for adding a team from the administration panel. A cross-site scripting vulnerability exists in Team Members WordPress plugin versions prior to 5.0.4. The vulnerability stems from the program not properly...
WordPress WP Customer Reviews Cross-Site Scripting Vulnerability
WP Customer Reviews is an open-source WordPress application plugin. A cross-site scripting vulnerability exists in WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...
A vulnerability in many functions of the PHPMailer class in the PHPMailer library allows an attacker to compromise data integrity.
The vulnerability in many functions of the PHPMailer class library is related to the lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
Related Posts for WordPress < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)
Unvalidated input and lack of output encoding within the plugin lead to a Reflected Cross-Site Scripting (XSS) vulnerability in the 'lang' GET parameter while editing a post, triggered when users with the capability of editing posts access a malicious URL. PoC: /wp-admin/post.php?post=1&action=edit&lang='...
CVE-2020-29023
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
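The GateManager entry above is the CSV variant of the same missing-encoding class: a value an administrator controls is written into a report cell, and a spreadsheet evaluates any cell that begins with a formula trigger. The following is an added example, not Secomea code, showing the neutralisation a CSV generator needs in addition to normal RFC 4180 quoting; the column names, sample rows and the payload are constructed for the demo.

```python
"""Neutralising spreadsheet formula injection in a generated CSV report.

Added example, not code from Secomea GateManager. A cell beginning with '=',
'+', '-' or '@' is evaluated as a formula when the CSV is opened in Excel or
LibreOffice, and RFC 4180 quoting alone does not stop that: "=1+1" inside
double quotes is still a formula once imported. The header, rows and the
DDE-style payload below are constructed for the demo.
"""
import csv
import io

# Characters that make a spreadsheet treat a text cell as a formula. Tab and
# carriage return are included because some importers treat them as cell
# separators, which would let a formula start mid-field.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that spreadsheets will render as literal text.

    Numbers pass through unchanged so that negative numbers stay numeric;
    only strings are checked for a leading formula trigger. A matching string
    is prefixed with a single quote, which spreadsheets read as a text
    marker, so "=1+1" is displayed rather than evaluated.
    """
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return value
    text = str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def write_report(rows, header):
    """Serialise rows to CSV with every text cell neutralised.

    csv.writer does the RFC 4180 quoting (commas, quotes, embedded newlines);
    the formula-prefix check is the part csv does not do for you.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_MINIMAL, lineterminator="\n")
    writer.writerow(header)
    for row in rows:
        writer.writerow([neutralize_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample: one user set a malicious display name. The =cmd|...
# form is the classic DDE trick; it is plain text here and never executed.
SAMPLE_HEADER = ["username", "display_name", "logins"]
SAMPLE_ROWS = [
    ["alice", "Alice Example", 12],
    ["mallory", "=cmd|' /C calc'!A0", 3],
    ["bob", "-Bob, \"the\" admin", -1],
]

if __name__ == "__main__":
    print(write_report(SAMPLE_ROWS, SAMPLE_HEADER))
```

The leading apostrophe is visible in some spreadsheet versions, which is the accepted trade-off; the alternative of stripping the trigger characters changes the data. Keep numeric columns numeric so that legitimate negative values are not turned into text.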
U.S. Dept Of Defense: RXSS Via URI Path - https://██████████/
Hello All, I found RXSS in your own website. Steps to reproduce: go to this link https://██████/Orders/A%22onerror='alert%60xElkomy%60'testabcd/Login.aspx?ReturnUrl=/Orders. Browsers: I tested them on Firefox and Google Chrome. Fix: filter input on arrival; encode data on output; use appropriate response...
Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
GHSA-P9VV-3945-X93H Cross-Site Scripting in semantic-ui-search
All versions of semantic-ui-search are vulnerable to Cross-Site Scripting. Lack of output encoding on the selection dropdowns can lead to user input being executed instead of printed as text. Recommendation No fix is currently available. Consider using an alternative module until a fix is made...
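Nearly every entry in this listing, from the WordPress plugins (the WP Shieldon CAPTCHA page echoing $_SERVER['REQUEST_URI'], the Team Members biography field, the Related Posts 'lang' parameter) to the semantic-ui-search dropdowns, has the same root cause and the same fix: encode the value for the context it is written into, at the moment it is written. The block below is an added example in Python, not code from any of those plugins or from semantic-ui-search, modelling the three sinks side by side: a request URI reflected into page text, a stored free-text field rendered into a page, and a parameter placed inside a quoted HTML attribute. The page layout, field names and payloads are constructed for the demo.

```python
"""Output encoding at the point of rendering, the fix the entries above share.

Added example; not code from the WordPress plugins listed or from
semantic-ui-search. It models three sinks named in the entries: a request
URI echoed into page text (the CAPTCHA page), a stored free-text field such
as a member biography, and a GET value written into an HTML attribute (the
'lang' parameter). Layout, names and payloads are constructed for the demo.
"""
from html import escape
from urllib.parse import quote

# Constructed stored value, e.g. a biography saved by a Contributor.
STORED_BIO = 'Lead dev <img src=x onerror="alert(1)">'
# Constructed request URI, as $_SERVER['REQUEST_URI'] would carry it.
REQUEST_URI = "/captcha?r=<script>alert(document.domain)</script>"
# Constructed GET parameter that the page writes into an attribute.
LANG_PARAM = 'en" onfocus="alert(1)" autofocus="'


def render_vulnerable(request_uri, bio, lang):
    """String concatenation with no encoding: what the advisories describe."""
    return (
        '<p>You requested ' + request_uri + '</p>\n'
        '<div class="bio">' + bio + '</div>\n'
        '<input name="lang" value="' + lang + '">'
    )


def render_hardened(request_uri, bio, lang):
    """Encode each value for the context it lands in.

    - HTML text content: escape &, <, > (html.escape); quote=True also
      escapes quotes, which is harmless here and mandatory for attributes.
    - Quoted attribute value: the quote character must be escaped, otherwise
      the attribute is closed early and new attributes (onfocus=...) appear.
    - The same request URI reused inside an href is a URL context, so it is
      percent-encoded rather than HTML-escaped.
    """
    return (
        '<p>You requested ' + escape(request_uri, quote=True) + '</p>\n'
        '<div class="bio">' + escape(bio, quote=True) + '</div>\n'
        '<input name="lang" value="' + escape(lang, quote=True) + '">\n'
        '<a href="/retry?r=' + quote(request_uri, safe="") + '">retry</a>'
    )


def contains_injected_markup(rendered, payloads):
    """True if any raw payload survives unchanged into the rendered HTML."""
    return any(p in rendered for p in payloads)


if __name__ == "__main__":
    payloads = [STORED_BIO, "<script>", 'onfocus="alert(1)"']
    for name, page in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        html = page(REQUEST_URI, STORED_BIO, LANG_PARAM)
        print(name, "injected:", contains_injected_markup(html, payloads))
        print(html)
```

Validation on arrival (the other half of the advice in the DoD report) reduces what reaches the sink but does not replace encoding: a biography legitimately contains quotes and angle brackets, and the stored value is trusted by the time it is rendered, which is exactly how the Contributor+ stored XSS cases arise. For a client-side widget such as a search dropdown, the equivalent of `escape()` is building the item with a text node (`textContent`) instead of string-assembling `innerHTML`.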