7 matches found
PT-2026-26821
The Outgrow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the 'outgrow' shortcode in all versions up to, and including, 2.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin SW Plus 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
WordPress plugin Team Showcase cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2019-7464 · Sandhills Development · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads EDD core component versions 1.8.x through 1.8.6 Easy Digital Downloads EDD core component versions 1.9.x through 1.9.9 Easy Digital Downloads EDD core component versions 2.0.x through 2.0.4 Easy Digital Downloads EDD co...
Magento Cross-Site Request Forgery Vulnerability (CNVD-2019-25993)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. A cross-site request forgery vulnerability exists in Magento versions 2.1.18 before 2.1, 2.2.9 before 2.2.2 and...
Magento Information Disclosure Vulnerability (CNVD-2019-26252)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. An information disclosure vulnerability exists in Magento version 2.1 before 2.1.18, version 2.2 before 2.2.9, an...
Patchwork Cross-Site Scripting Vulnerability
Patchwork is a Web-based patch tracking management system. A cross-site scripting vulnerability exists in the template tag in Patchwork versions v1.1 through v2.1.x. The vulnerability stems from the lack of proper validation of client-side data in the WEB application, and can be exploited by an...