285 matches found
PT-2025-3712 · WordPress · Enable Accessibility
Name of the Vulnerable Software and Affected Versions: Enable Accessibility plugin for WordPress versions up to, and including, 1.4.1 Description: The issue arises from the use of add query arg and remove query arg without proper escaping on the URL, allowing unauthenticated attackers to inject...
PT-2024-17428 · WordPress · Analytics Cat
Name of the Vulnerable Software and Affected Versions: Analytics Cat – Google Analytics Made Easy plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL...
PT-2024-16944 · WordPress · Twchat
Name of the Vulnerable Software and Affected Versions: TWChat – Send or receive messages from users plugin for WordPress versions up to, and including, 4.0.4 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the...
WordPress plugin افزونه پیامک ووکامرس Persian WooCommerce SMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin.... WordPress plugin افزونه پیامک...
WordPress plugin TWChat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-15994 · WordPress · Persian Woocommerce Sms
Name of the Vulnerable Software and Affected Versions: Persian WooCommerce SMS plugin for WordPress versions up to, and including, 7.0.5 Description: The issue is related to Reflected Cross-Site Scripting due to the use of remove query arg without appropriate escaping on the URL. This allows...
WordPress 워드프레스 결제 심플페이 plugin <= 5.2.2 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability
Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin 워드프레스 결제 심플페이 versions = 5.2.2...
WordPress plugin Splash Sync 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site scripting...
WordPress plugin ForumWP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...
PT-2024-16940 · WordPress · Splash Sync
Name of the Vulnerable Software and Affected Versions: Splash Sync plugin for WordPress versions up to, and including, 2.0.6 Description: The issue arises from the use of add query arg without proper escaping on the URL, allowing unauthenticated attackers to inject arbitrary web scripts into page...
CVE-2024-52273
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 setDoublePppoeConfig-guestipcheckoverflow arg: mask modules allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50...
CVE-2024-11685
The Kudos Donations – Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attacker...
UBUNTU-CVE-2024-11407
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPCARGTCPTXZEROCOPYENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network...
WordPress Parsi Date plugin <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter vulnerability
Reflected Cross-Site Scripting via addqueryarg Parameter vulnerability discovered by vgo0 in WordPress Plugin Parsi Date versions = 5.1.1...
WordPress plugin Premium Packages 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
The vulnerabilities of the functions ate_Tenda_mfg_check_usb() and ate_Tenda_mfg_check_usb3() (/goform/ate) in the Tenda AC1206 router’s microprogramming software allow a attacker to execute arbitrary code or cause service failures.
The vulnerability of the functions ateTendamfgcheckusb and ateTendamfgcheckusb3 /goform/ate of the Tenda AC1206 router’s microprogramming software lies in the fact that the operation outputs outside the buffer in memory when processing the parameter arg. Exploiting this vulnerability allows a...
WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg vulnerability
Reflected Cross-Site Scripting via addqueryarg vulnerability discovered by Peter Thaleikis in WordPress Plugin WPDM – Premium Packages versions = 5.9.3...
CVE-2024-11371
The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...
CVE-2024-11365
The Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers...
PT-2024-17007 · WordPress · Contestswp
Name of the Vulnerable Software and Affected Versions: ContestsWP plugin for WordPress versions up to, and including, 2.0.3 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without proper escaping on the URL. This allows unauthenticated attackers...