PT-2023-23328 · Unknown · Sourcecodester Online Discussion Forum Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Discussion Forum Site version 1.0 Description: A problematic issue was discovered, affecting an unknown functionality in the file adminpostsmanage post.php. The manipulation of the title argument leads to cross-site...

PT-2023-23318 · Unknown · Sourcecodester Online Discussion Forum Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Discussion Forum Site version 1.0 Description: A problematic issue has been discovered, affecting an unknown function in the file adminpostsmanage post.php. The manipulation of the content argument leads to cross-site...

PT-2023-23358 · Unknown · Sourcecodester Online Discussion Forum Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Discussion Forum Site version 1.0 Description: A critical issue affects the processing of the file adminpostsmanage post.php, where the manipulation of the id argument leads to sql injection. This issue can be initiated...

PT-2023-12466 · WordPress · Ulisting

Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to missing capability checks and a missing security nonce in the UlistingUserRole::save role api function. This...

PT-2023-11365 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...

WordPress Plugin User Submitted Posts 代码问题漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

CVE-2023-2302

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the...

CVE-2023-2302

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the...

CVE-2023-2404

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...

PT-2023-19373 · Vcita · Crm/Lead Management By Vcita

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. Th...

PT-2023-18822 · Vcita · Contact Form/Calls To Action

Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output...

Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS

The plugin does not protect the ajax actions azhsave against CSRF attacks, allowing an unauthenticated attacker to modify posts by tricking a logged in user with rights to edit the post to submit a crafted request. Furthermore if the targeted user has a role of editor or above, arbitrary web...

CVE-2022-46814

Cross-Site Request Forgery CSRF vulnerability in Pierre Lebedel Kodex Posts likes plugin = 2.4.3 versions...

CVE-2022-46814

Cross-Site Request Forgery CSRF vulnerability in Pierre Lebedel Kodex Posts likes plugin = 2.4.3 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Pierre Lebedel Kodex Posts likes plugin = 2.4.3 versions...

CVE-2022-46814 WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pierre Lebedel Kodex Posts likes plugin = 2.4.3 versions...

CVE-2022-46814 WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pierre Lebedel Kodex Posts likes plugin = 2.4.3 versions...

CVE-2022-46814

CVE-2022-46814 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Kodex Posts likes plugin, affected in versions