150 matches found

OSV
added 2023/06/05 2:15 p.m. · 3 views

CVE-2023-2488

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

CVSS 6.1 · AI score 5.8 · EPSS 0.00522
Exploits 2 · References 1

Prion
added 2023/06/05 2:15 p.m. · 16 views

Cross site scripting

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS 4.3 · AI score 4.7 · EPSS 0.00442
Exploits 2 · References 1 · Affected Software 1

Prion
added 2023/06/05 2:15 p.m. · 16 views

Cross site scripting

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

CVSS 5.8 · AI score 6 · EPSS 0.00522
Exploits 2 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/05 1:38 p.m. · 9 views

CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5.6 · EPSS 0.00442
Exploits 2 · References 1

Cvelist
added 2023/06/05 1:38 p.m. · 29 views

CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

AI score 5 · EPSS 0.00442
Exploits 2 · References 1

Vulnrichment
added 2023/06/05 1:38 p.m. · 7 views

CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

AI score 6.2 · EPSS 0.00522
Exploits 2 · References 1

Cvelist
added 2023/06/05 1:38 p.m. · 28 views

CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...

AI score 6.2 · EPSS 0.00522
Exploits 2 · References 1

CVE
added 2023/06/05 1:38 p.m. · 70 views

CVE-2023-2488

The CVE refers to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms, with versions prior to 2023 vulnerable to a Reflected XSS due to insufficient sanitisation/escaping of parameters when rendering admin dashboard pages. The impact targets high-privilege users (e.g.,...

CVSS 6.1 · AI score 6 · EPSS 0.00522
Exploits 2 · References 1 · Affected Software 1

Positive Technologies
added 2023/06/05 12:0 a.m. · 6 views

PT-2023-19831 · WordPress · Stop Spammers Security

Name of the Vulnerable Software and Affected Versions: The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2023
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because various parameters are not properly...

CVSS 6.1 · AI score 6.4 · EPSS 0.00522
Exploits 2 · References 4

Positive Technologies
added 2023/06/05 12:0 a.m. · 5 views

PT-2023-19832 · WordPress · Stop Spammers Security

Name of the Vulnerable Software and Affected Versions: The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2023
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltere...

CVSS 4.8 · AI score 7.9 · EPSS 0.00442
Exploits 2 · References 4

CNNVD
added 2023/06/05 12:0 a.m. · 4 views

WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.8 · AI score 6.3 · EPSS 0.00442
Exploits 2 · References 2

CNNVD
added 2023/06/05 12:0 a.m. · 5 views

WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.1 · AI score 5.9 · EPSS 0.00522
Exploits 2 · References 2

WPVulnDB
added 2023/05/15 12:0 a.m. · 16 views

Stop Spammers Security < 2023 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged in admin open a page containing the code below...

CVSS 6.1 · AI score 5.7 · EPSS 0.00522
Exploits 2 · Affected Software 1

WPVulnDB
added 2023/05/15 12:0 a.m. · 16 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: Put the payload below in any of the "Challenge...

CVSS 4.8 · AI score 8.2 · EPSS 0.00442
Exploits 2 · Affected Software 1

wpexploit
added 2023/05/15 12:0 a.m. · 145 views

Stop Spammers Security < 2023 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. Put the payload below in any of the "Challenge &...

CVSS 4.8 · AI score 8.4 · EPSS 0.00442
Exploits 2

wpexploit
added 2023/05/15 12:0 a.m. · 107 views

Stop Spammers Security < 2023 - Reflected XSS

The plugin does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page containing the code below...

CVSS 6.1 · AI score 5.7 · EPSS 0.00522
Exploits 2

OSV
added 2022/12/26 1:15 p.m. · 2 views

CVE-2022-4120

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...

CVSS 9.8 · AI score 5.8 · EPSS 0.18121
Exploits 2 · References 1

NVD
added 2022/12/26 1:15 p.m. · 21 views

CVE-2022-4120

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...

CVSS 9.8 · EPSS 0.18121
Exploits 2 · References 1

Vulnrichment
added 2022/12/26 12:28 p.m. · 7 views

CVE-2022-4120 Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...

AI score 7.1 · EPSS 0.18121
Exploits 2 · References 1

Cvelist
added 2022/12/26 12:28 p.m. · 28 views

CVE-2022-4120 Stop Spammers Security < 2022.6 - Unauthenticated PHP Object Injection

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...

AI score 9.8 · EPSS 0.18121
Exploits 2 · References 1