112 matches found
WordPress plugin Nested Pages security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Nested Pages Plugin <= 3.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Nested Pages Type Plugin Vulnerable versions = 3.2.7 Fixed in 3.2.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-5943 Patch priority Low CVSS severity Low 8.3 Developer Claim ownership PSID ec525e948d0f Credits Bassem Essam Required...
WordPress Different Menu in Different Pages plugin <= 2.3.2 - Missing Authorization to Menu Duplication vulnerability
Missing Authorization to Menu Duplication vulnerability discovered by Lucio Sá in WordPress Plugin Different Menu in Different Pages versions = 2.3.2...
Legal Pages < 1.3.9 - Missing Authorization
Description The plugin is vulnerable to unauthorized modification of data due to a missing capability check on the moveToTrash and fetchandinserttemplatedata functions hooked via AJAX in all versions up to, and including, 1.3.8. This makes it possible for authenticated attackers, with...
CVE-2023-50873 WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4...
WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Add Any Extension to Pages Type Plugin Vulnerable versions = 1.4 Fixed in 1.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-50873 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b3821f100fa4 Credits Nguyen Xuan...
WordPress Nested Pages Plugin < 3.2.7 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nestedpagesproject:nestedpages"; ifdescription...
CVE-2023-44241
CVE-2023-44241 — Keap Landing Pages (WordPress) CSRF . Affected software is the Keap Landing Pages plugin (WordPress) version
CVE-2023-44232
CVE-2023-44232 is a CSRF vulnerability in the WordPress WP Hide Pages plugin (versions up to 1.0). The PatchStack entry notes unauthenticated exploit capability and that no patch is available to fix this vulnerability; the WP Hide Pages pages remain unpatched. No concrete remediation is provided ...
PT-2023-29157 · Huseyin Berberoglu · Wp Hide Pages
Name of the Vulnerable Software and Affected Versions: Huseyin Berberoglu WP Hide Pages plugin version 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
WordPress Legal Pages Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Legal Pages Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 46f7055dfcca Credits István Márton Required...
Online Security Guards Hiring System SQL Injection Vulnerability
WordPress WP Shopping Pages plugin cross-site scripting vulnerability...
CVE-2023-23826
CVE-2023-23826 corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Add Posts to Pages, affected
WordPress plugin WP Shopping Pages 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Online Security Guards Hiring System SQL注入漏洞
WordPress WP Shopping Pages plugin cross-site scripting vulnerability...
WordPress Mobile Pages Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Mobile Pages Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7dbee75ebab7 Credits Rafie Muhammad Patchstack Required...
CVE-2023-2434
The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings...
CVE-2015-10090
A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to...
CVE-2015-10090
CVE-2015-10090 – Landing Pages Plugin (WordPress) is affected up to version 1.8.7. The vulnerability is described as a cross-site scripting flaw in unknown functionality that can be exploited remotely. The root cause and affected component are not explicitly detailed in the provided sources, but ...