Lucene search
K

27 matches found

CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

WordPress plugin Simple Membership 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Simple Membership plugin prior to...

6.1CVSS5.7AI score0.01693EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/03/14 12:0 a.m.5 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. WordPress Advanced Product Labels for WooCommerce plugin version 1.2.3.7 has a cross-site scripting vulnerability. The vulnerability stem...

6.1CVSS4.7AI score0.00863EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2022/03/07 9:15 a.m.4 views

CVE-2022-0410

The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...

8.8CVSS7.8AI score0.01297EPSS
Exploits2References2
OSV
OSV
added 2021/08/02 11:15 a.m.3 views

CVE-2021-24474

The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesomeweatherrefresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting XSS Vulnerability...

6.1CVSS6.4AI score0.00726EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2021/06/10 12:0 a.m.5 views

The vulnerability of the modular library for simplifying the development of JavaScript or AJAX-based applications and websites allows attackers to compromise the confidentiality, integrity, and accessibility of protected information due to improper coding or the concealment of output data.

The vulnerability of the modular library used for simplifying the development of JavaScript- or AJAX-based applications and websites in the Dojo Toolkit is related to incorrect coding or the concealment of output data. Exploiting this vulnerability can allow an attacker to compromise the...

9.8CVSS7.7AI score0.02611EPSS
Exploits2References6Affected Software3
OSV
OSV
added 2021/01/12 10:15 p.m.2 views

CVE-2021-23928

OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string...

6.1CVSS6.4AI score0.01133EPSS
Exploits0References1
OSV
OSV
added 2016/08/07 4:59 p.m.2 views

UBUNTU-CVE-2016-6635

Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...

8.8CVSS7.3AI score0.02489EPSS
Exploits0References3
Rows per page
Query Builder