Lucene search

6234 matches found

Vulnrichment
added 2022/10/14 12:0 a.m. · 11 views

CVE-2022-3506 Cross-site Scripting (XSS) - Stored in barrykooij/related-posts-for-wp

Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3...

5.5 CVSS · 5.3 AI score · 0.01113 EPSS
Exploits: 1 · References: 2
CVE
added 2022/10/14 12:0 a.m. · 114 views

CVE-2022-3506

CVE-2022-3506 corresponds to a stored XSS vulnerability in the WordPress Related Posts plugin (rp4wp) prior to version 2.1.3. Multiple connected sources confirm the flaw in the rp4wp[heading_text] parameter where unsanitized user input can inject arbitrary script, potentially compromising cookies...

5.5 CVSS · 5.3 AI score · 0.01113 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/09/23 12:0 a.m. · 7 views

PT-2022-21380 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 7.1.x and earlier Description: The issue arises when a specifically crafted GIF file is uploaded while drafting a post, allowing authenticated users to cause resource exhaustion during file processing. This results in a...

6.5 CVSS · 6.3 AI score · 0.01084 EPSS
Exploits: 1 · References: 10
CNNVD
added 2022/09/05 12:0 a.m. · 3 views

Cotonti Siena Cross-Site Scripting Vulnerability

Cotonti Siena is a powerful open source web development framework and content manager from Cotonti Open Source. A security vulnerability exists in Cotonti Siena version 0.9.20, which originates from allowing administrators to conduct stored XSS attacks via forum posts...

4.8 CVSS · 5.2 AI score · 0.00397 EPSS
Exploits: 1 · References: 2
ATTACKERKB
added 2022/09/02 5:15 a.m. · 4 views

CVE-2022-36600

BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

4.8 CVSS · 5.8 AI score · 0.00449 EPSS
Exploits: 1 · References: 2
CNNVD
added 2022/09/02 12:0 a.m. · 4 views

BlogEngine Cross-Site Scripting Vulnerability

BlogEngine is an open source ASP.NET blog system. The system supports Ajax comments, custom themes and so on. A cross-site scripting vulnerability exists in BlogEngine version v3.3.8.0, which was discovered to contain a cross-site scripting (XSS) vulnerability via the component...

4.8 CVSS · 5.2 AI score · 0.00449 EPSS
Exploits: 1 · References: 2
Packet Storm
added 2022/09/02 12:0 a.m. · 293 views

WordPress Netroics Blog Posts Grid 1.0 Cross Site Scripting

Exploit Title: Stored XSS in posttitle parameter in WordPress Plugin "Netroics Blog Posts Grid" v1.0 Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Teste...

7.4 AI score
Exploits: 0
0day.today
added 2022/09/02 12:0 a.m. · 267 views

WordPress Netroics Blog Posts Grid 1.0 Plugin - Stored XSS Vulnerability

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on: Centos 7 apache2 ...

0.1 AI score
Exploits: 0
Exploit DB
added 2022/09/02 12:0 a.m. · 59 views

WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin Netroics Blog Posts Grid 1.0 - Stored Cross-Site Scripting (XSS) Date: 08/08/2022 Exploit Author: saitamang, syad, yunaranyancat Vendor Homepage: wordpress.org Software Link: https://downloads.wordpress.org/plugin/netroics-blog-posts-grid.zip Version: 1.0 Tested on:...

7 AI score
Exploits: 0
ATTACKERKB
added 2022/08/22 3:15 p.m. · 2 views

CVE-2022-2275

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...

4.3 CVSS · 6 AI score · 0.00292 EPSS
Exploits: 2 · References: 2
ATTACKERKB
added 2022/08/22 3:15 p.m. · 6 views

CVE-2022-2276

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...

4.3 CVSS · 6 AI score · 0.00336 EPSS
Exploits: 2 · References: 3
NVD
added 2022/08/22 3:15 p.m. · 20 views

CVE-2022-2275

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...

4.3 CVSS · 0.00292 EPSS
Exploits: 2 · References: 1
CNNVD
added 2022/08/22 12:0 a.m. · 5 views

WordPress plugin WP Edit Menu Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3 CVSS · 5.4 AI score · 0.00336 EPSS
Exploits: 2 · References: 3
Hacker One
added 2022/08/21 5:58 a.m. · 16 views

LinkedIn: An Attacker Can Flag Draft Job Posts And Can Disclose The Draft Job Posts Details [ Similar to #1581528 Resolved Report]

A vulnerability was discovered on LinkedIn that allowed attackers to flag and report draft job posts of other users. This resulted in the disclosure of sensitive job details, even for posts that were not yet published...

6.9 AI score
Exploits: 0
NVD
added 2022/08/15 11:21 a.m. · 26 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3 CVSS · 0.01464 EPSS
Exploits: 2 · References: 1
OSV
added 2022/08/15 11:21 a.m. · 4 views

CVE-2022-2535

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3 CVSS · 5.8 AI score · 0.01464 EPSS
Exploits: 2 · References: 1
Prion
added 2022/08/15 11:21 a.m. · 17 views

Code injection

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5 CVSS · 5.2 AI score · 0.01464 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
EUVD
added 2022/08/15 8:38 a.m. · 3 views

EUVD-2022-34789

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink...

5.3 CVSS · 7 AI score · 0.01464 EPSS
Exploits: 2 · References: 1
CVE
added 2022/08/15 8:38 a.m. · 92 views

CVE-2022-2535

The vulnerability CVE-2022-2535 affects WordPress plugin SearchWP Live Ajax Search (versions before 1.6.2). The root cause is that live search queries do not restrict results to published posts, allowing unauthenticated users to disclose private/draft/pending post titles and their permalinks thro...

5.3 CVSS · 5.2 AI score · 0.01464 EPSS
Exploits: 2 · References: 1 · Affected Software: 1
CNNVD
added 2022/08/15 12:0 a.m. · 2 views

WordPress plugin SearchWP Live Ajax Search Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 5.8 AI score · 0.01464 EPSS
Exploits: 2 · References: 2