emlog code issue vulnerability
emlog is a PHP and MySQL based CMS builder for personal developers. A code issue vulnerability exists in emlog version 6.0.0, which stems from a file upload vulnerability in /admin/plugin.php. An attacker can exploit this vulnerability to elevate privileges...
WordPress Church Admin Plugin <= 3.7.5 is vulnerable to Cross Site Scripting (XSS)
Software Church Admin Type Plugin Vulnerable versions <= 3.7.5 Fixed in 3.7.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30782 Patch priority Medium CVSS severity Medium 7.1 Developer Andy Moyle PSID 7ffc0d962f6f Credits Le Ngoc Anh Required...
CVE-2023-23721
Cross-Site Request Forgery CSRF vulnerability in David Gwyer Admin Log plugin <= 1.50 versions...
CVE-2022-4604
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
Cross site request forgery (csrf)
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
CVE-2022-4604 wp-english-wp-admin Plugin english-wp-admin.php register_endpoints cross-site request forgery
A vulnerability classified as problematic was found in wp-english-wp-admin Plugin up to 1.5.1. Affected by this vulnerability is the function register_endpoints of the file english-wp-admin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to...
404s < 3.5.1 - Admin+ Stored Cross-Site Scripting
Description The plugin does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a new 404 via the plugin and put the following payload in the "Please enter the 40...
Cross site request forgery (csrf)
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request...
MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF
The plugin does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks PoC...
CVE-2021-25111
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admincustomlanguagereturnurl before redirecting users to it, leading to an open redirect issue...
Open redirect
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admincustomlanguagereturnurl before redirecting users to it, leading to an open redirect issue...
CVE-2021-25111 English WordPress Admin < 1.5.2 - Unauthenticated Open Redirect
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admincustomlanguagereturnurl before redirecting users to it, leading to an open redirect issue...
CSZ CMS SQL injection vulnerability
CSZ CMS is a PHP-based open source content management system CMS. CSZ CMS version 1.2.2 contains a SQL injection vulnerability, which originates from the lack of validation of external input used in SQL statements in cszcmsadminPluginmanagersetstatus, and can be exploited by attackers to execute illegal...
WordPress Church Admin plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's blogging platform developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...
WordPress English WordPress Admin plugin <= 1.5.1 - Unauthenticated Open Redirect vulnerability
Unauthenticated Open Redirect vulnerability discovered by Krzysztof Zając in WordPress English WordPress Admin plugin versions <= 1.5.1. Solution Update the WordPress English WordPress Admin plugin to the latest available version at least 1.5.2...
CVE-2022-0833
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF checks in some of its actions as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...
WordPress plugin Church Admin security vulnerability
WordPress is the WordPress Foundation's blogging platform developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...
WordPress WordPress User Management and User Admin Plugin – User Magic plugin <= 1.0.7 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress User Management and User Admin Plugin – User Magic plugin versions <= 1.0.7. Solution No patched version available...
Emlog authorization issue vulnerability
Emlog is a PHP and MySQL based CMS builder for personal developers. An authorization issue vulnerability exists in Emlog, which stems from the product's lack of an effective restriction on the admin/plugin.php file deletion feature. An attacker can exploit this vulnerability to delete...
CVE-2021-36823 WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin WordPress plugin allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin WordPress plugin: from n/a through 6.8...