Lucene search
K

39 matches found

CNNVD
CNNVD
added 2025/01/02 12:0 a.m.3 views

WordPress plugin Email Address Encoder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

4.3CVSS6.6AI score0.0022EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/08/26 9:20 a.m.5 views

WordPress Email Address Encoder plugin <= 1.0.23 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Email Address Encoder versions = 1.0.23...

4.3CVSS7AI score0.0022EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/26 12:0 a.m.9 views

WordPress Email Address Encoder Plugin <= 1.0.23 is vulnerable to Cross Site Request Forgery (CSRF)

Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.23 Fixed in 1.0.24 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43927 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bba49f18d147 Credits Rafie...

6.4AI score0.0022EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2023/12/20 12:0 a.m.27 views

WordPress Email Address Encoder Plugin < 1.0.23 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tillkruss:emailaddressencoder"; ifdescription...

6.5CVSS7AI score0.004EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 2:15 p.m.6 views

CVE-2023-48765

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...

5.4CVSS7.3AI score0.004EPSS
Exploits0References1
Prion
Prion
added 2023/12/15 2:15 p.m.21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...

4.9CVSS6.9AI score0.004EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/15 1:56 p.m.34 views

CVE-2023-48765 WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...

6.5CVSS6.6AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 1:56 p.m.45 views

CVE-2023-48765

CVE-2023-48765 affects the WordPress plugin Email Address Encoder. An improper input sanitization/output escaping in the eae_shortcode attribute allows Stored XSS in versions up to and including 1.0.22. Exploitation requires an authenticated user with Contributor+ privileges. The issue is mitigat...

6.5CVSS6.7AI score0.004EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.8 views

WordPress Plugin Email Address Encoder Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.5CVSS6AI score0.004EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2023/12/07 12:0 a.m.24 views

Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eaeshortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for...

6.5CVSS5.5AI score0.004EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/11/29 12:0 a.m.12 views

WordPress Email Address Encoder Plugin <= 1.0.22 is vulnerable to Cross Site Scripting (XSS)

Software Email Address Encoder Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-48765 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4b554f8ca93c Credits LVT-tholv2k Required privilege...

6.5CVSS6.5AI score0.004EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/09/02 12:0 a.m.4 views

WordPress simple-mail-address-encoder plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. simple-mail-address-encoder is a plugin that supports encoding of e-mail addresses. A cross-site scripting vulnerability exists in...

6.1CVSS6.2AI score0.00985EPSS
Exploits1References1
OSV
OSV
added 2019/08/30 2:15 p.m.3 views

CVE-2019-15833

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...

6.1CVSS6.4AI score0.00985EPSS
Exploits1References2
Cvelist
Cvelist
added 2019/08/30 1:32 p.m.35 views

CVE-2019-15833

The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS...

6.5AI score0.00985EPSS
Exploits1References2
CVE
CVE
added 2019/08/30 1:32 p.m.63 views

CVE-2019-15833

CVE-2019-15833 affects the WordPress plugin simple-mail-address-encoder prior to version 1.7. The issue is a reflected XSS in the plugin, as documented across multiple sources (NVD, Red Hat, CNVD, CVE list, PRION, WPVulnDB). The root cause is reflected client-side scripting when untrusted input i...

6.1CVSS6.4AI score0.00985EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2019/08/30 12:0 a.m.13 views

PT-2019-14422 · Unknown · Simple-Mail-Address-Encoder

Name of the Vulnerable Software and Affected Versions: simple-mail-address-encoder plugin versions prior to 1.7 Description: The issue is related to reflected XSS in the simple-mail-address-encoder plugin. Recommendations: For versions prior to 1.7, update to version 1.7 or later to resolve the...

6.1CVSS5.9AI score0.00985EPSS
Exploits1References4
Patchstack
Patchstack
added 2019/07/04 12:0 a.m.10 views

WordPress Simple Mail Address Encoder plugin <= 1.6.1 - Reflected Authenticated Cross-Site Scripting (XSS) vulnerability

Reflected Authenticated Cross-Site Scripting XSS vulnerability found in WordPress Simple Mail Address Encoder plugin versions = 1.6.1. Solution Update the WordPress Simple Mail Address Encoder plugin to the latest available version at least 1.7...

2.1AI score
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2019/07/03 12:0 a.m.18 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice PoC https:///wp-admin/options-general.php?page=smae=remind=Iyc7YWxlcnQoL1hTUy8pOy8v...

4.3CVSS0.9AI score0.00985EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2019/07/03 12:0 a.m.14 views

Simple Mail Address Encoder <= 1.6.1 - Reflected Authenticated XSS

Reflected XSS in the base64 encoded fwurl parameter when the plugin has been used for 30 days and shows a donation notice https:///wp-admin/options-general.php?page=smae&smaeaction=remind&fwurl=Iyc7YWxlcnQoL1hTUy8pOy8v...

4.3CVSS1.9AI score0.00985EPSS
Exploits1References1
Rows per page
Query Builder