12 matches found
EUVD-2021-11946
Malware in sbrugna...
EUVD-2022-51859
Malicious code in bioql PyPI...
CVE-2022-4519
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2021-25034
The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
CVE-2022-4049 WP User <= 7.0 - Unauthenticated SQLi
The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
Cross site scripting
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2022-4519
The WP User plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
PT-2022-27422 · WordPress · Wp User
Name of the Vulnerable Software and Affected Versions: WP User plugin for WordPress versions up to, and including, 7.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's settings parameters due to insufficient input sanitization and output escaping. This allows...
WordPress WP User plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions prior to WordPress WP User plugin 7.0. The vulnerability stems...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions prior to WordPress WP User plugin 7.0. The vulnerability stems...
WordPress WP User plugin <= 6.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by Jeremie Amsellem in WordPress WP User plugin versions = 6.5.1. Solution Update the WordPress WP User plugin to the latest available version at least 7...