CVE-2022-1526
The CVE-2022-1526 entry affects Emlog Pro up to version 1.2.2, where the vulnerability lies in POST parameter handling for articles. An attacker who can sign up and log in can craft input (examples show ) that leads to cross-site scripting (XSS). Public disclosures exist, and exploitation has bee...
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce (Back in stock notifier), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the savesettings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
Cross site request forgery (CSRF)
The Login/Signup Popup, Waitlist Woocommerce (Back in stock notifier), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the savesettings function found in the /includes/xoo-framework/admin/class-xoo-admin-settings.php file which makes it...
WordPress plugins affected by critical vulnerability impacting 84,000 websites
THREAT LEVEL: Amber. WordPress powers over 43.0% of all the websites on the Internet. A Cross-Site Request Forgery vulnerability CVE-2022-0215 was discovered in three plugins of WordPress. This flaw made it possible for an attacker to update...
WordPress Login/Signup Popup plugin <= 2.2 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Options Update discovered by Chloe Chamberland (Wordfence) in WordPress Login/Signup Popup plugin (versions <= 2.2). Solution: Update the WordPress Login/Signup Popup plugin to the latest available version (at least 2.3)...
CVE-2021-43438
Stored XSS in the signup form in iResturant 1.0 allows a remote attacker to inject arbitrary code via the NAME and ADDRESS fields...
CVE-2021-43440
Multiple stored XSS vulnerabilities in the source code of iOrder 1.0 allow remote attackers to execute arbitrary code via the Name and Phone number fields of the signup form...
CVE-2021-43441
An HTML injection vulnerability in iOrder 1.0 allows a remote attacker to execute malicious HTML code via the signup form...
Cross site scripting
Multiple stored XSS vulnerabilities in the source code of iOrder 1.0 allow remote attackers to execute arbitrary code via the Name and Phone number fields of the signup form...
Design/Logic Flaw
An HTML injection vulnerability in iOrder 1.0 allows a remote attacker to execute malicious HTML code via the signup form...
Cross site scripting
Stored XSS in the signup form in iResturant 1.0 allows a remote attacker to inject arbitrary code via the NAME and ADDRESS fields...
CVE-2021-43438
The CVE-2021-43438 entry describes a Stored XSS vulnerability in iResturant 1.0, arising from insufficient input sanitization in the signup/registry form. The attack requires injecting hostile content via the NAME and ADDRESS fields, enabling remote code injection as described in the NVD entry. T...
Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting
The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php?page=xoo-el-fields&tab="alert/XSS/...
Login/Signup Popup < 2.2 - Reflected Cross-Site Scripting
The plugin does not escape its tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. PoC: https://example.com/wp-admin/admin.php?page=xoo-el-fields="...
Lifestyle Store 1.0 Cross Site Scripting Vulnerability
Exploit Title: Lifestyle Store Online Shop Store 1.0 - Reflected Cross-Site Scripting (XSS). Author: Thamer (https://twitter.com/thamer9900). Software Link: https://download-media.code-projects.org/2021/07/OnlineShopStoreInPHPWithSourceCode.zip. Version: 1.0.0...