229 matches found
WordPress AntiSpam for Contact Form 7 Plugin <= 0.6.0 is vulnerable to Cross Site Scripting (XSS)
Software AntiSpam for Contact Form 7 Type Plugin Vulnerable versions = 0.6.0 Fixed in 0.6.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-27961 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f9498b94e6d4 Credits stealthcopter Required...
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Email Update via CSRF
Description The plugin does not have CSRF check in its apbctsettingsupdateaccountemail function, which could allow attackers to make logged in admins update email address via a CSRF attack...
Spam protection, AntiSpam, FireWall by CleanTalk < 6.21 - Counters Reset/Creation via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as reset/create counters...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.20 Fixed in 6.21 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51535 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.20 is vulnerable to Cross Site Request Forgery (CSRF)
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.20 Fixed in 6.21 OWASP Top 10 A5: Security Misconfiguration Classification Cross Site Request Forgery CSRF CVE CVE-2023-51696 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
Antispam Bee < 2.11.4 - IP Address Spoofing via get_client_ip
Description The Antispam Bee plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.11.3 due to use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass country blocking...
WordPress Antispam Bee Plugin <= 2.11.3 is vulnerable to Bypass Vulnerability
Software Antispam Bee Type Plugin Vulnerable versions = 2.11.3 Fixed in 2.11.4 OWASP Top 10 A6: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-41134 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 5abac73c1838 Credits Mika Required privilege...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.95.0.0) +7 more potentially affected by CVE-2023-43796 via matrix-synapse (>=0.33.9 <=1.95.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-43796 Source advisory: OSV:GHSA-MP92-3JFM-3575...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:PYSEC-2023-199...
WordPress Spam protection, AntiSpam, FireWall by CleanTalk Plugin <= 6.10 is vulnerable to Broken Access Control
Software Spam protection, AntiSpam, FireWall by CleanTalk Type Plugin Vulnerable versions = 6.10 Fixed in 6.11 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-33996 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID b4ca9dd06551...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:PYSEC-2023-67...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.73.0.1) +7 more potentially affected by CVE-2023-32323 via matrix-synapse (>=0.33.9 <=1.73.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-32323 Source advisory: OSV:GHSA-F3WC-3VXV-XMVR...
Exploit for Improper Input Validation in Microsoft
CVE-2023-23397 This script allows to create TNEF-encoded Outl...
Sql injection
The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin before 5.185.1 does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin...
MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature
Cross-site scripting XSS vulnerability in the antispam feature security/antispam.py in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content...
GHSA-CX94-3H5X-CC57 MoinMoin Cross-site scripting (XSS) vulnerability in the antispam feature
Cross-site scripting XSS vulnerability in the antispam feature security/antispam.py in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content...
CVE-2022-28221
The CleanTalk AntiSpam plugin = 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php...
CVE-2022-28222
The CleanTalk AntiSpam plugin = 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php...
Cross site scripting
The CleanTalk AntiSpam plugin = 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Comments.php...
Cross site scripting
The CleanTalk AntiSpam plugin = 5.173 for WordPress is vulnerable to Reflected Cross-Site Scripting XSS via the $REQUEST'page' parameter in/lib/Cleantalk/ApbctWP/FindSpam/ListTable/Users.php...