10 matches found
EUVD-2006-2723
Malware in sbrugna...
CVE-2022-2762
The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack...
CVE-2023-6633 Site Notes <= 2.0.0 - Admin Note Deletion via CSRF
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged in users perform unwanted actions, such as deleting administration notes, via CSRF attacks...
CVE-2023-0479
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability...
Cross site scripting
The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability...
CVE-2023-0479
The CVE-2023-0479 entry affects the WordPress plugin Print Invoice & Delivery Notes for WooCommerce, prior to version 4.7.2. The issue is a reflected XSS vulnerability in an admin note on the WooCommerce orders page, caused by echoing a GET value after a urldecode() cleanup (post-esc_url_raw()), ...
Print Invoice & Delivery Notes for WooCommerce < 4.7.2 - Reflected XSS
The plugin is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited for users with the editothersshoporders capability. WooCommerce must be installed and active. This vulnerability is caused by a...
Cross site scripting
Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...
CVE-2006-2724
Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...
CVE-2006-2724
Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...