127 matches found
WordPress WP VR Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP VR Type Plugin Vulnerable versions = 8.2.5 Fixed in 8.2.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID 93df9c4109e0 Credits István Márton Required privile...
WordPress WP VR Plugin <= 8.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP VR Type Plugin Vulnerable versions = 8.2.7 Fixed in 8.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25708 Patch priority Low CVSS severity Low 4.3 Developer WPFunnels Team PSID e8f1ea3c4e52 Credits Abdi Pranata Required privileg...
CVE-2023-0173 WPFunnels < 2.6.9 - Contributor+ Stored XSS
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-0173 WPFunnels < 2.6.9 - Contributor+ Stored XSS
The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
WordPress plugin WPFunnels 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress WP VR Plugin < 8.2.7 is vulnerable to Cross Site Scripting (XSS)
Software WP VR Type Plugin Vulnerable versions 8.2.7 Fixed in 8.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0174 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cc58a857921 Credits Lana Codes Required privilege...
WordPress WPFunnels Plugin < 2.6.9 is vulnerable to Cross Site Scripting (XSS)
Software WPFunnels Type Plugin Vulnerable versions 2.6.9 Fixed in 2.6.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0173 Patch priority Medium CVSS severity Medium 6.5 Developer WPFunnels Team PSID 8cceeb86a6f0 Credits István Márton Required...