17 matches found
WordPress FanBridge signup plugin <= 0.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin FanBridge signup versions <= 0.6...
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...
CVE-2025-24289
The CVE-2025-24289 entry concerns the UCRM Client Signup Plugin (versions 1.3.4 and earlier). The documented vulnerability is a CSRF that can lead to XSS and privilege escalation when an Administrator visits a crafted malicious page. The plugin is disabled by default. Affected component: UCRM Cli...
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...
CVE-2025-24289
A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in the UCRM Client Signup Plugin v1.3.4 and earlier could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. The plugin is disabled by default...
PT-2025-27378 · Unknown · Ucrm Client Signup Plugin
Name of the Vulnerable Software and Affected Versions: UCRM Client Signup Plugin versions 1.3.4 and earlier Description: A Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) issue could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious...
Ubiquiti UCRM Client Signup Plugin security vulnerability
Ubiquiti UCRM Client Signup Plugin is a plugin from Ubiquiti USA, Inc. that is used to implement customer signup functionality and integration with the UCRM system. A security vulnerability exists in Ubiquiti UCRM Client Signup Plugin version 1.3.4 and prior versions, which stems from...
CVE-2024-6926
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2024-1386
The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-6926
The Viral Signup WordPress plugin through 2.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
WordPress plugin Viral Signup security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37964 · WordPress · Viral Signup
Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated user...
WordPress Viral Signup plugin <= 2.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Viral Signup versions <= 2.1...
CVE-2024-6927
The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
PT-2024-37965 · WordPress · Viral Signup
Name of the Vulnerable Software and Affected Versions: Viral Signup WordPress plugin versions 2.1 and earlier Description: The issue concerns the Viral Signup WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users, such as...