52 matches found
CVE-2022-34853
Multiple Authenticated contributor or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress...
CVE-2022-34650
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress...
CVE-2022-34650
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress...
CVE-2022-34650 WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in wpWax Team plugin = 1.2.6 at WordPress...
CVE-2022-34853
CVE-2022-34853 affects the WordPress plugin wpWax Team (≤ 1.2.6). The vulnerability is a persistent XSS that requires authentication from a contributor or higher user role; it arises from inadequate sanitisation/escaping of user-supplied data in the plugin. Impact is client-side script execution;...
WordPress Team plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Stored Cross-Site Scripting XSS vulnerabilities were discovered by Ngo Van Thien Patchstack Alliance in the WordPress Team plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason:...
WordPress Team plugin <= 1.2.6 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities were discovered by m0ze Patchstack in the WordPress Team plugin versions = 1.2.6. Solution Deactivate and delete. This plugin has been closed as of May 3, 2022 and is not available for download. Reason: Licensing/Trademark...
WordPress Ant Admin Notices for Team plugin <= 1.0.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Ant Admin Notices for Team plugin versions = 1.0.4. Solution No patched version available...
Path traversal
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...
CVE-2015-5471
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter...
CVE-2015-5471
CVE-2015-5471 affects WordPress Swim Team plugin
WordPress Swim Team Plugin Arbitrary File Download Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites set up on servers with PHP and MySQL. Swim Team aka, wp-SwimTeam is one of the plug-ins for the Swim Team management system. An arbitrary file download...