39 matches found
WordPress plugin Email Address Encoder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Email Address Encoder versions = 1.0.23...
WordPress Email Address Encoder Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)
Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43927 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bba49f18d147 Credits Rafie...
WordPress Email Address Encoder Plugin < 1.0.23 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tillkruss:emailaddressencoder"; ifdescription...
CVE-2023-48765
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...
CVE-2023-48765 WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...
CVE-2023-48765
CVE-2023-48765 affects the WordPress plugin Email Address Encoder. An improper input sanitization/output escaping in the eae_shortcode attribute allows Stored XSS in versions up to and including 1.0.22. Exploitation requires an authenticated user with Contributor+ privileges. The issue is mitigat...
WordPress Plugin Email Address Encoder Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eaeshortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for...
WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)
Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4b554f8ca93c Credits LVT-tholv2k Required privilege...
WordPress simple-mail-address-encoder plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-mail-address-encoder is a plugin that supports encoding of e-mail addresses. A cross-site scripting vulnerability exists in...
CVE-2019-15833
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...
CVE-2019-15833
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...
CVE-2019-15833
CVE-2019-15833 affects the WordPress plugin simple-mail-address-encoder prior to version 1.7. The issue is a reflected XSS in the plugin, as documented across multiple sources (NVD, Red Hat, CNVD, CVE list, PRION, WPVulnDB). The root cause is reflected client-side scripting when untrusted input i...
PT-2019-14422 · Unknown · Simple-Mail-Address-Encoder
Name of the Vulnerable Software and Affected Versions: simple-mail-address-encoder plugin versions prior to 1.7 Description: The issue is related to reflected XSS in the simple-mail-address-encoder plugin. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the...
WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability
Reflected Authenticated Cross-Site Scripting XSS vulnerability found in WordPress Simple Mail Address Encoder plugin versions = 1.6.1. Solution Update the WordPress Simple Mail Address Encoder plugin to the latest available version at least 1.7...
Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS
Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice PoC https:///wp-admin/options-general.php?page=smae=remind=Iyc7YWxlcnQoL1hTUy8pOy8v...
Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS
Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...