WordPress plugin LinkedIn SC 跨站脚本漏洞

WordPress LinkedIn SC plugin is a plugin for WordPress websites. The WordPress LinkedIn SC plugin suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and output escaping of the linkedinscdateformat, linkedinscapikey, and linkedinscsecretkey parameters, whi...

EUVD-2024-17512

Malicious code in bioql PyPI...

WordPress Plugin WP ERP 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2022-4217

The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...

CVE-2017-11559

An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack...

Exponent CMS 2.4.1 SQL Injection Vulnerability

Exponent CMS versions 2.4.1 and below suffer from a remote SQL injection vulnerability. CVE-2017-7991-SQL injection-Exponent CMS Suggested description Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key apikey parameter in the api function of...

CVE-2016-6266

cccaajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the 1 host or 2 apikey parameter in a register action, 3 enable parameter ...