PT-2023-20168 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to edit an arbitrary custom drop-down currency...

Cross-Site Request Forgery (CSRF)

github.com/phachon/mm-wiki is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in Save function of user.go which allows an attacker to execute arbitrary code via the system/user/save parameter...

CVE-2023-1867

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...

WordPress plugin YourChannel 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...

PT-2023-17296 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated attackers to...

Cross site scripting

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...

Codiad 信息泄露漏洞

Codiad is a website builder from the Codiad team that provides Web-based IDE functionality. An information disclosure vulnerability exists in Codiad version 2.8.0, which stems from a problem with the saveJSON function in the file components/install/process.php, where manipulation of the parameter...

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

CVE-2023-0086

The JetWidgets for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.12. This is due to missing nonce validation on the save function. This makes it possible for unauthenticated attackers to to modify the plugin's settings via a forge...

WordPress plugin JetWidgets for Elementor 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin JetWidgets...

Privilege Escalation

DSInternals is vulnerable to privilege escalation. The vulnerability exists in the save function of RoamedCredential.cs because invalid characters are not properly parsed in windows roaming credential service which allows an attacker to write files on the file system with elevate privileges...

PT-2022-23081 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.10.0 TensorFlow versions 2.9.1 and earlier TensorFlow versions 2.8.1 and earlier TensorFlow versions 2.7.2 and earlier Description: The issue occurs when Save or SaveSlices is run over tensors of an unsupported...

Path Traversal

django is vulnerable to path traversal. The vulnerability exists in the save function in storage.py as it does not properly validate the filenames, allowing an attacker to access files outside the expected directory through the crafted filenames...

CVE-2021-39347

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save function found in the /includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases...

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

Cross site scripting

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress...

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...

CVE-2020-12670

XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...