EUVD-2023-55578

Malicious code in bioql PyPI...

PT-2025-1490 · Unknown · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms versions through 2.3.28 Description: The issue is related to a Missing Authorization vulnerability in the Kali Forms Contact Form builder with drag & drop, allowing exploitation of incorrectly configured access control security...

WordPress plugin Kali Forms 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.27 is vulnerable to Broken Access Control

Software Contact Form builder with drag & drop - Kali Forms Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46083 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 538b41872f6e...

WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection

Software GigPress Type Plugin Vulnerable versions = 2.3.28 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0381 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 621aa3005525 Credits Erwan LR WPScan Required privilege Subscriber Published ...

Sql injection

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

CVE-2023-0381 GigPress <= 2.3.28 - Subscriber+ SQLi

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...

WordPress plugin GigPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2023-15413 · WordPress · Gigpress

Name of the Vulnerable Software and Affected Versions: GigPress WordPress plugin versions prior to 2.3.28 Description: The issue concerns the GigPress WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could...

WordPress GigPress Plugin <= 2.3.27 is vulnerable to Cross Site Scripting (XSS)

Software GigPress Type Plugin Vulnerable versions = 2.3.27 Fixed in 2.3.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5602dcf35459 Credits WordfenceTeam Required privilege...

Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts REST Plugin With Dynamic Method Invocation Remote Code Execution', 'Description' = %q This module exploits a remo...

Apache Struts Security Update (S2-028, S2-030, S2-034)

Apache Struts is prone to multiple vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...