itsourcecode Billing System SQL注入漏洞

itsourcecode Billing System is itsourcecode open source a system developed in PHP MySQL database using HTML, CSS, Bootstrap, JavaScript, Ajax, J Query and Modal. this PH billing system project contains an administrator side. This PH Billing System project includes an administrator side where the...

CVE-2024-1779

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

Cross site request forgery (csrf)

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...

CVE-2024-1777 Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...

CVE-2024-1778 Admin side data storage for Contact Form 7 <= 1.1.1 - Missing Authorization to Unauthenticated Bookmark Status Alteration

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangebookmark function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter...

CVE-2024-1776

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2024-1776

The CVE-2024-1776 entry concerns the Admin side data storage for the WordPress plugin Contact Form 7. Affected versions are all up to 1.1.1. Root cause: insufficient escaping of the user-supplied form-id parameter and inadequate preparation in the existing SQL query, enabling an authenticated att...

CVE-2024-1779 Admin side data storage for Contact Form 7 plugin <= 1.1.1 - Missing Authorization to Unauthenticated Read Status Update

The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ztdcfcfchangestatus function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter t...

WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to SQL Injection

Software Admin side data storage for Contact Form 7 Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-1776 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID caefe13b5aa6 Credits zulu caPWN Required...

WordPress Admin side data storage for Contact Form 7 Plugin <= 1.1.1 is vulnerable to Broken Access Control

Software Admin side data storage for Contact Form 7 Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1779 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d6fbc39c9c32 Credits zulu...

Admin side data storage for Contact Form 7 <= 1.1.1 - Cross-Site Request Forgery

Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated...

Admin side data storage for Contact Form 7 <= 1.1.1 - Authenticated (Admin+) SQL Injection

Description The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2023-24420

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin = 1.1.1 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Zestard Technologies Admin side data storage for Contact Form 7 plugin = 1.1.1 versions...

WordPress CAPTCHA 4WP Plugin < 7.1.0 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpwhitesecurity:captcha4wp"; if description...

CVE-2022-2184

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server...

Cross site request forgery (csrf)

The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive requireonce call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server...

CVE-2021-24443

The CVE-2021-24443 entry concerns the Youzify WordPress plugin (About Me widget) prior to version 1.0.7. The vulnerability stems from improper sanitisation of the Biography field, enabling an authenticated user to inject Cross-Site Scripting payloads that execute when an affected profile is viewe...

WordPress SupportFlow Plugin <= 0.6 - Stored Cross-Site Scripting (XSS)

This plugin is prone to a stored XSS vulnerability, because the subject is not escaped before being used in the value attribute of the subject input element in the admin-side ticket form. Solution Update the plugin...

Ian Dunn: Stored XSS in SupportFlow Ticket Subject

SupportFlow contains an XSS vulnerability in how it handles ticket subjects in the admin-side ticket form, because the subject is not escaped before being used in the value attribute of the subject input element. This first requires wptexturize to be disabled not that uncommon: addfilter...