27 matches found
WordPress plugin Simple Membership 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Advanced Product Labels for WooCommerce plugin version 1.2.3.7 has a cross-site scripting vulnerability. The vulnerability stem...
CVE-2022-0410
The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...
CVE-2021-24474
The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability...
The vulnerability of the modular library for simplifying the development of JavaScript or AJAX-based applications and websites allows attackers to compromise the confidentiality, integrity, and accessibility of protected information due to improper coding or the concealment of output data.
The vulnerability of the modular library used for simplifying the development of JavaScript- or AJAX-based applications and websites in the Dojo Toolkit is related to incorrect coding or the concealment of output data. Exploiting this vulnerability can allow an attacker to compromise the...
CVE-2021-23928
OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...
UBUNTU-CVE-2016-6635
Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...