67 matches found
CVE-2023-52132
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...
CVE-2023-52132
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...
CVE-2023-52132
CVE-2023-52132 affects WP Adminify for WordPress. Affected: WP Adminify
CVE-2023-52132 WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jewel Theme WP Adminify.This issue affects WP Adminify: from n/a through 3.1.6...
PT-2023-31925 · WordPress · Wp Adminify
Name of the Vulnerable Software and Affected Versions: WP Adminify versions 3.1.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation. No information is...
WordPress Plugin WP Adminify SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP Adminif...
WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection
Software WP Adminify Type Plugin Vulnerable versions = 3.1.6 Fixed in 3.1.7 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-52132 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 1e08f0f78327 Credits Muhammad Daffa Required privilege Administrator...
CVE-2023-44266
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...
CVE-2023-44266
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...
CVE-2023-44266
CVE-2023-44266 refers to a Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin for WordPress, affecting versions up to 3.1.6. Exploitation requires authenticated admin-level access (admin+). The issue is triggered via the plugin’s admin interface, enabling stored XSS...
CVE-2023-44266 WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Jewel Theme WP Adminify plugin = 3.1.6 versions...
WP Adminify < 3.1.6 - Admin+ Stored XSS
Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-29179 · WordPress · Jewel Theme Wp Adminify
Name of the Vulnerable Software and Affected Versions: Jewel Theme WP Adminify plugin versions 3.1.6 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. There is no information provided about the...
WordPress Plugin WP Adminify Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP Adminify Plugin <= 3.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Adminify Type Plugin Vulnerable versions = 3.1.7 Fixed in 3.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-44266 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 119f5c11b6c5 Credits Rio Darmawan Required...
CVE-2023-4060
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4060 WP Adminify < 3.1.6 - Admin+ Stored XSS
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4060
CVE-2023-4060 affects WP Adminify for WordPress prior to version 3.1.6. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as in multisite). Red Hat’s...
PT-2023-27530 · WordPress · Wp Adminify
Name of the Vulnerable Software and Affected Versions: WP Adminify WordPress plugin versions prior to 3.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed, fo...