175 matches found
WordPress plugin Team Rosters 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-1813 · WordPress · Team Rosters
Name of the Vulnerable Software and Affected Versions: Team Rosters plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...
WordPress plugin WpRently 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress plugin Feedpress Generator 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
PT-2024-17008 · WordPress · Feedpress Generator – External Rss Frontend Customizer
Name of the Vulnerable Software and Affected Versions: Feedpress Generator – External RSS Frontend Customizer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization...
PT-2024-17017 · WordPress · Intro Tour Tutorial Deeppresentation
Name of the Vulnerable Software and Affected Versions: Intro Tour Tutorial DeepPresentation plugin for WordPress versions up to, and including, 6.5.2 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escapin...
PT-2024-17220 · WordPress · Bp Profile Shortcodes Extra
Name of the Vulnerable Software and Affected Versions: BP Profile Shortcodes Extra plugin for WordPress versions up to, and including, 2.6.0 Description: The issue is related to time-based SQL Injection via the tab parameter due to insufficient escaping on the user-supplied parameter and lack of...
WordPress BP Profile Shortcodes Extra plugin <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter vulnerability
Authenticated Contributor+ SQL Injection via tab Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin BP Profile Shortcodes Extra versions = 2.6.0...
WordPress plugin FAQ Builder AYS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...
CVE-2024-10685
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.7.29 - Reflected Cross-Site Scripting via tab Parameter vulnerability
Reflected Cross-Site Scripting via tab Parameter vulnerability discovered by vgo0 in WordPress Plugin Customize My Account for WooCommerce versions = 2.7.29...
PT-2024-16579 · WordPress · Sysbasics Customize My Account
Name of the Vulnerable Software and Affected Versions: SysBasics Customize My Account for WooCommerce plugin for WordPress versions prior to 2.7.29 Description: The vulnerability is a Reflected Cross-Site Scripting issue via the tab parameter, caused by insufficient input sanitization and output...
PT-2024-38986 · WordPress · Wordpress Post Grid Layouts With Pagination – Sogrid
Name of the Vulnerable Software and Affected Versions: WordPress Post Grid Layouts with Pagination – Sogrid plugin versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary files on the...
PT-2024-39962 · WordPress · Wp Photo Album Plus
Name of the Vulnerable Software and Affected Versions: WP Photo Album Plus plugin for WordPress versions up to, and including, 8.8.05.003 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated...
WordPress plugin Gravity Forms Toolbar 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-39198 · WordPress · Gravity Forms Toolbar
Name of the Vulnerable Software and Affected Versions: Gravity Forms Toolbar plugin for WordPress version 1.7.0 and earlier Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-5943
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing santization of the 'tab' parameter. This makes it possible for...
CVE-2024-0979
The Dashboard Widgets Suite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
PT-2024-15958 · WordPress · Dashboard Widgets Suite
Name of the Vulnerable Software and Affected Versions: Dashboard Widgets Suite plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Reflected Cross-Site Scripting via the tab parameter due to insufficient input sanitization and output escaping. This allow...
WordPress BizCalendar Web plugin <= 1.1.0.25 - Reflected Cross-Site Scripting via 'tab' vulnerability
Reflected Cross-Site Scripting via 'tab' vulnerability discovered by WordFence in WordPress Plugin bizcalendar-web versions = 1.1.0.25...