
6234 matches found

Cvelist
added 2022/04/18 4:20 p.m. | 24 views

CVE-2022-23976 WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Data Reset (Posts / Pages / Media)

Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on WordPress allows an attacker to reset all data (posts / pages / media)...

CVSS 8.1 | AI score 8.4 | EPSS 0.00467
Exploits 0 | References 2

OSV
added 2022/04/11 3:15 p.m. | 4 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00624
Exploits 1 | References 1

ATTACKERKB
added 2022/04/11 3:15 p.m. | 4 views

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages including private and draft into an arbitrary CSV file, which the attacker can then download and retrieve the list of...

CVSS 6.5 | AI score 6.8 | EPSS 0.00624
Exploits 1 | References 2

CNVD
added 2022/04/07 12:0 a.m. | 12 views

WordPress Mark Posts plugin cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. The WordPress Mark Posts plugin has a cross-site scripting...

CVSS 4.8 | AI score 1.1 | EPSS 0.00644
Exploits 2 | References 1

OSV
added 2022/04/04 4:15 p.m. | 4 views

CVE-2022-0958

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.8 | EPSS 0.00644
Exploits 2 | References 2

ATTACKERKB
added 2022/04/04 4:15 p.m. | 5 views

CVE-2022-0958

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.8 | AI score 5.5 | EPSS 0.00644
Exploits 2 | References 3

Prion
added 2022/04/04 4:15 p.m. | 14 views

Cross site scripting

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 3.5 | AI score 4.8 | EPSS 0.00644
Exploits 2 | References 2 | Affected Software 1

Cvelist
added 2022/04/04 3:35 p.m. | 16 views

CVE-2022-0958 Mark Posts < 2.0.1 - Admin+ Stored Cross-Site Scripting

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5.1 | EPSS 0.00644
Exploits 2 | References 2

CVE
added 2022/04/04 3:35 p.m. | 77 views

CVE-2022-0958

CVE-2022-0958 affects the WordPress Mark Posts plugin prior to version 2.0.1, where the plugin does not escape new markers, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) when the unfiltered_html capability is disallowed. This is documented across multiple sources (NV...

CVSS 4.8 | AI score 4.8 | EPSS 0.00644
Exploits 2 | References 2 | Affected Software 1

CNNVD
added 2022/04/04 12:0 a.m. | 3 views

WordPress plugin Mark Posts cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. The WordPress Mark Posts plugin has a cross-site scripting...

CVSS 4.8 | AI score 5.2 | EPSS 0.00644
Exploits 2 | References 3

Github Security Blog
added 2022/04/01 12:0 a.m. | 26 views

Unrestricted Upload of File with Dangerous Type in WPanel 4

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

CVSS 8.8 | AI score 9 | EPSS 0.01706
Exploits 1 | References 4 | Affected Software 1

NVD
added 2022/03/31 4:15 p.m. | 9 views

CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

CVSS 8.8 | EPSS 0.01706
Exploits 1 | References 2

OSV
added 2022/03/31 4:15 p.m. | 15 views

CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

CVSS 8.8 | AI score 7.8
Exploits 0 | References 2

Prion
added 2022/03/31 4:15 p.m. | 22 views

Remote code execution

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

CVSS 6.5 | AI score 9 | EPSS 0.01706
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/03/31 3:57 p.m. | 19 views

CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image...

AI score 9.3 | EPSS 0.01706
Exploits 1 | References 2

OSV
added 2022/03/28 6:15 p.m. | 3 views

CVE-2021-24978

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv_ prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...

CVSS 5.3 | AI score 5.9
Exploits 0 | References 1

NVD
added 2022/03/28 6:15 p.m. | 11 views

CVE-2021-24978

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv_ prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...

CVSS 5.3 | EPSS 0.00519
Exploits 2 | References 1

Prion
added 2022/03/28 6:15 p.m. | 13 views

Cross site request forgery (csrf)

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv_ prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...

CVSS 5 | AI score 5.4 | EPSS 0.00519
Exploits 2 | References 1 | Affected Software 1

CNNVD
added 2022/03/28 12:0 a.m. | 6 views

WordPress plugin OSMapper security vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. A WordPress plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability exists in the...

CVSS 5.3 | AI score 5.7 | EPSS 0.00519
Exploits 2 | References 2

Github Security Blog
added 2022/03/26 12:0 a.m. | 26 views

Cross-Site Request Forgery in Anchor CMS

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...

CVSS 4.5 | AI score 5.5 | EPSS 0.00395
Exploits 1 | References 4 | Affected Software 1