zbzcms SQL Injection Vulnerability
zbzcms Station Helper CMS is a content management website of China Station Helper CMS zbzcms Inc. zbzcms version 1.0 has a SQL injection vulnerability, which is exposed through the id parameter of /php/ajax.php. No detailed vulnerability details are...
@0xcert/ethereum-bitski-backend-provider (>=2.0.0 <=2.0.3), @0xcert/ethereum-bitski-frontend-provider (>=2.0.0 <=2.0.3) +855 more potentially affected by CVE-2021-43138 via async (>=3.0.0 <=3.2.1)
async NPM version =3.0.0, =2.0.0, =2.0.0, =4.3.0, =0.0.6-1, =3.6.5, =0.0.73, =1.5.1, =1.7.58, =0.0.1, =1.3.6, =13.0.6, =5.1.1, =1.3.1, =0.0.2, =0.4.0-next.28 - @ahm-monash/private-test =1.0.0 and more Source cves: CVE-2021-43138 Source advisory: OSV:GHSA-FWR7-V2MV-HH25...
WordPress plugin SpeakOut! Email Petitions SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. The WordPress SpeakOut! dkspeakoutsendmail AJAX operation does not sanitize and escape the id parameter before using it; an attacker can u...
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection...
libnbd: nbdcopy: missing error handling may create corrupted destination image
A flaw was found in the copying tool nbdcopy of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the error parameter. This could result in the silent creation of a...
WordPress plugin Infographic Maker SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...
WordPress plugin FormCraft Code Issue Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. A code issue vulnerability previously existed in the WordPres...
WordPress plugin BookingPress SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress plugin BookingPress 1.0.11 version befor...
PT-2022-13401 · WordPress · Bookingpress
Name of the Vulnerable Software and Affected Versions: BookingPress WordPress plugin versions prior to 1.0.11 Description: The issue arises from the failure to properly sanitize user-supplied POST data, which is then used in a dynamically constructed SQL query. This occurs via the "bookingpress...
WordPress plugin Advanced Booking Calendar SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source application plugin for WordPress. WordPress plugin Advanced Booking Calendar version prior to...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. WordPress Advanced Product Labels for WooCommerce plugin version 1.2.3.7 has a cross-site scripting vulnerability. The vulnerability stem...
WordPress plugin SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an open source application plugin for WordPress. WordPress WP Email Users plugin version 1.7.6 and previous versions have a SQL injection vulnerability, which originates from WP Email...
WordPress plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A WordPress plugin is an application plugin for WordPress. WordPress Master Addons for Elementor plugin versions prior to 1.8.5 contain a cross-site scripting vulnerability that stems from the plugin's...
CVE-2022-0410
The WP Visitor Statistics Real Time Traffic WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available to any authenticated user, leading to a SQL injection...
WordPress Video Conferencing with Zoom Plugin Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Video Conferencing with Zoom Plugin prior to versi...
CVE-2020-36510
The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2021-24688
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in all of its AJAX calls, for example the ordeletefiled one which is available to both unauthenticated and authenticated users could allow attackers to delete arbitrary posts. The AJAX calls performing...
WordPress Information Disclosure Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the failure of the custom WordPress Emails and Alerts...
CVE-2022-0234
The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocsinordercurrency parameter of the woocsgetproductspricehtml AJAX action available to both unauthenticated and authenticated users before outputting it back in the response, leading to a Reflected Cross-Site Scripting...