CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

lmxcms SQL Injection Vulnerability

lmxcms dream cms is a website builder from China Dream Cms lmxcms company. SQL injection vulnerability exists in lmxcms version before 1.41, the vulnerability stems from the existence of an unknown function in the file admin.php, which leads to sql injection via the parameter lid...

WordPress plugin DX Share Selection 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

Monstra CMS Cross-Site Scripting Vulnerability (CNVD-2021-49037)

Monstra is a lightweight content management system CMS. A cross-site scripting vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the page function in admin/index.php...