17 matches found
EUVD-2014-6116
Malware in sbrugna...
EUVD-2014-9234
Malware in sbrugna...
CVE-2022-4260
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Cross site scripting
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2022-4260 WP-Ban < 1.69.1 - Admin+ Stored XSS
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress plugin WP-Ban cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-4631 WP-Ban ban-options.php cross site scripting
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. ...
WP-Ban < 1.69.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Go to the plugin settings and set these...
WordPress Plugin IP Ban Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on servers with PHP and MySQL. The IP Ban plugin is used to prohibit certain IP addresses from accessing the blog, similar to the role of the...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) iplist, (2) useragentlist, or (3) redirecturl...
CVE-2014-9413
Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) iplist, (2) useragentlist, or (3) redirecturl...
PT-2014-7103 · WordPress · Wp-Ban
Name of the Vulnerable Software and Affected Versions: WP-Ban plugin versions prior to 1.6.4 Description: The issue allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header when running in certain configurations. Recommendations: For WP-Ban plugin versions prior to...
CVE-2014-6230
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header...
CVE-2014-6230
CVE-2014-6230 affects the WordPress WP-Ban plugin, prior to version 1.6.4. The vulnerability arises because the plugin takes the IP address from the X-Forwarded-For header when configured in certain environments, bypassing the plugin’s IP blacklist. This allows remote attackers to bypass bans if ...
WordPress WP Ban Plugin <= 1.6.3 - BYPASS
Because of this vulnerability, the attackers can bypass the IP blacklist via a crafted X-Forwarded-For header. Solution Update the plugin...
sfquickban_plugin_CSRF
Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
Seditio SF Quick Ban 1.0 Cross Site Request Forgery
Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...