6 matches found
Online Security Guards Hiring System SQL Injection Vulnerability
WordPress WP Shopping Pages plugin cross-site scripting vulnerability...
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An information disclosure vulnerability exists in SAP Host Agent that stems from a lack of authentication checks, which could be exploited by an unauthenticated attacker to set undocumented parameters to a specific compatibility value and then invoke a read function.
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2023-3492
The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
Cross site request forgery (csrf)
The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2023-3492
CVE-2023-3492 affects the WP Shopping Pages WordPress plugin up to version 1.14. The vulnerability arises from missing CSRF checks, insufficient sanitisation and escaping, enabling an authenticated attacker to trigger a Stored XSS payload in a logged-in admin account via CSRF. The connected Red H...
PT-2023-25052 · WordPress · Wp Shopping Pages
Name of the Vulnerable Software and Affected Versions: WP Shopping Pages WordPress plugin versions 1.14 and earlier Description: The issue is related to the lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in...