63 matches found
PT-2022-27422 · WordPress · Wp User
Name of the Vulnerable Software and Affected Versions: WP User plugin for WordPress versions up to, and including, 7.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's settings parameters due to insufficient input sanitization and output escaping. This allows...
WordPress plugin WP User cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
GHSA-X5JC-34XF-C24Q User Plugin for October CSS Allows XSS
An issue was discovered in the Users aka Front-end user management plugin 1.4.5 for October CMS. XSS exists in the name field...
User Plugin for October CSS Allows XSS
An issue was discovered in the Users aka Front-end user management plugin 1.4.5 for October CMS. XSS exists in the name field...
WordPress WP User plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions prior to WordPress WP User plugin 7.0. The vulnerability stems...
CVE-2021-25034
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...
WordPress Active User plugin <= 1.0.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Active User plugin versions <= 1.0.1. Solution: No patched version available...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions prior to WordPress WP User plugin 7.0. The vulnerability stems...
WordPress WP User plugin <= 6.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Jeremie Amsellem in WordPress WP User plugin versions <= 6.5.1. Solution: Update the WordPress WP User plugin to the latest available version at least 7...
GetSimple CMS Cross-Site Scripting Vulnerability (CNVD-2020-54918)
GetSimple CMS is a content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in the multi-user plugin 1.8.2 for GetSimple CMS, which stems from a lack of proper authentication of client-side data by the web application. An attacker can exploit the vulnerabili...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
CVE-2020-23837
CVE-2020-23837 describes a CSRF vulnerability in the GetSimple CMS, specifically the Multi User plugin 1.8.2. The issue allows remote attackers to add admin (or other) users after an authenticated administrator visits a third‑party site or clicks a URL. The affected component is the Multi User pl...
CVE-2020-23837
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin or other users after an authenticated admin visits a third-party site or clicks on a URL...
Cross-site Scripting (XSS)
rainlab/user-plugin is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper use of formvalue which does not provide escaping of user input, allowing XSS to occur...
October CMS User 1.4.5 Cross Site Scripting
Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...
October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user...
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user management for October CMS. Allows...
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting
October CMS User Plugin 1.4.5 - Persistent Cross-Site Scripting Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Date: 2018-04-03 Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1...
Master User, versions before 2.1.4
Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway. Resolution: Update to version 2.1.4 Update notice URL:...