CVE-2023-2320 CF7 Google Sheets Connector < 5.0.2 - Reflected XSS
The CF7 Google Sheets Connector WordPress plugin before 5.0.2 and the cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 do not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
CVE-2023-32622
Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with administrative privilege to execute OS commands with root privilege...
CVE-2023-32612
Summary (CVE-2023-32612) WAVLINK WL-WN531AX2 firmware versions prior to 2023526 are affected by a client-side enforcement of a server-side security issue (CWE-602) that could allow a logged-in administrator to execute OS commands with root privileges. Impact: root-level command execution by privi...
CVE-2023-2482
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
Cross site scripting
The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...
Cross site scripting
The ERP WordPress plugin before 1.12.4 does not sanitise and escape the employeename parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-1166
The CVE-2023-1166 issue affects the USM-Premium WordPress plugin prior to version 16.3. The root cause is inadequate sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed (e.g., in multisite set...
CVE-2023-2592 FormCraft Premium < 3.9.7 - Admin+ SQLi
The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
CVE-2023-0873 Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS
The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-2482 Responsive CSS EDITOR <= 1.0 - Admin+ SQLi
The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin...
WordPress plugin CodeColorer Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Order date time for WooCommerce < 3.0.20 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged-in admin open a page containing the HTML code below. "/...
WooCommerce Pre-Orders < 2.0.2 - Reflected XSS
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: When there is at least one pre-order, make a logged-in admin open the URL below...
Direct checkout, Add to cart redirect for Woocommerce < 2.1.49 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
SimpleModal Contact Form (SMCF) <= 1.2.9 - Admin+ Stored XSS
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2023-28026
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable...
CVE-2023-28040
CVE-2023-28040 affects Dell BIOS and describes an improper input validation vulnerability in the BIOS firmware that could allow a local authenticated attacker with administrator privileges to modify a UEFI variable. The root cause is input validation failure when handling UEFI variable actions. I...
WooCommerce Product Vendors < 2.1.77 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. PoC: Make a logged-in admin open a page with the code below...
WooCommerce Product Vendors < 2.1.77 - Vendor Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as Admin Vendor and above. PoC: As an Admin vendor, open the URL below...