WordPress Genealogical Tree – WordPress Family Tree Plugin <= 2.2.0.8 is vulnerable to Cross Site Scripting (XSS)

Software Genealogical Tree – WordPress Family Tree Type Plugin Vulnerable versions = 2.2.0.8 Fixed in 2.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3035976be303 Credits Rafi...

WordPress F4 Post Tree plugin <= 1.1.8 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress F4 Post Tree plugin versions = 1.1.8. Solution Update the WordPress F4 Post Tree plugin to the latest available version at least 1.1.9...

WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions = 2.1.4. Solution Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version at least 2.1.5...

WordPress option-tree plugin injection vulnerability (CNVD-2019-30767)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is used in one of the theme selection building plugin. WordPress option-tree plugin has an injection vulnerability. No...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15320

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

Code injection

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

CVE-2019-15321

CVE-2019-15321 applies to the WordPress plugin “Option Tree” prior to version 2.7.3, where an Object Injection vulnerability arises from mishandled serialized classes. The entry is documented across multiple sources (NVD description: “option-tree plugin before 2.7.3 for WordPress has Object Injec...

CVE-2019-15321

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...

CVE-2019-15320

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...

CVE-2019-15319

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...

WordPress option-tree plugin cross-site scripting vulnerability (CNVD-2019-31010)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is used in one of the theme selection building plugin. A cross-site scripting vulnerability exists in the WordPress...

CVE-2016-10895

The option-tree plugin before 2.6.0 for WordPress has XSS via an addlistitem or addsociallinks AJAX request...

CVE-2015-9320

The option-tree plugin before 2.5.4 for WordPress has XSS related to addqueryarg...

CVE-2016-10895

The option-tree plugin before 2.6.0 for WordPress has XSS via an addlistitem or addsociallinks AJAX request...

Design/Logic Flaw

The option-tree plugin before 2.5.4 for WordPress has XSS related to addqueryarg...

CVE-2015-9320

The option-tree plugin before 2.5.4 for WordPress has XSS related to addqueryarg...

CVE-2016-10895

The option-tree plugin before 2.6.0 for WordPress has XSS via an addlistitem or addsociallinks AJAX request...