PYSEC-2024-90
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the...
WordPress Viral Signup plugin <= 2.1 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Project Black in WordPress Plugin Viral Signup versions <= 2.1...
CVE-2024-6926
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6926 Viral Signup <= 2.1 - Unauthenticated SQLi
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6926
CVE-2024-6926 affects the Viral Signup WordPress plugin (versions up to and including 2.1). The issue is an SQL injection caused by insufficient escaping/sanitisation of a user-supplied parameter used in a SQL query via an unauthenticated AJAX action. The vulnerability is documented as affecting ...
WordPress Viral Signup Plugin <= 2.1 is vulnerable to SQL Injection
Software: Viral Signup; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2024-6926; Patch priority: High; CVSS severity: High (9.3); PSID: bccf241bb1d7; Credits: Project Black; Required privilege: Unauthenticated...
WordPress plugin Viral Signup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37964 · WordPress · Viral Signup
Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated user...
WordPress Viral Signup plugin <= 2.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Viral Signup versions <= 2.1...
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-6927 Viral Signup <= 2.1 - Admin+ Stored XSS
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-6927
CVE-2024-6927 concerns the Viral Signup WordPress plugin (
WordPress Viral Signup Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS)
Software: Viral Signup; Type: Plugin; Vulnerable versions: <= 2.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6927; Patch priority: Low; CVSS severity: Low (5.9); PSID: 5b641fb65f6d; Credits: Bob Matyas; Required privilege...
WordPress plugin Viral Signup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37965 · WordPress · Viral Signup
Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue concerns the Viral Signup WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...
Code-Projects Online Quiz Site SQL injection vulnerability
Code-Projects Online Quiz Site is a Code-Projects open source online quiz site. A SQL injection vulnerability exists in Code-Projects Online Quiz Site version 1.0, which stems from an SQL injection vulnerability in the lid parameter of the signupuser.php page...
CVE-2024-42769
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signupuser.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "userfname" and "userlname" parameters...
Kashipara Hotel Management System security vulnerability
Kashipara Hotel Management System is a hotel management system from Kashipara. A cross-site scripting vulnerability exists in Kashipara Hotel Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the userfname and userlname parameters of...