24 matches found
WordPress Payment Gateway for ACBA BANK plugin <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Payment Gateway for ACBA BANK versions = 1.2.6...
PT-2026-1636
Name of the Vulnerable Software and Affected Versions Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions through 3.1.4 Description The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is susceptible to unauthorized modification of order statuses. This is a result ...
WordPress plugin Piraeus Bank WooCommerce Payment Gateway 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPre...
EUVD-2023-52388
Malicious code in bioql PyPI...
EUVD-2022-42735
Malicious code in bioql PyPI...
CVE-2023-28165
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2014-3841
Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...
CVE-2023-48332
Missing Authorization vulnerability in Varun Sharma Mail Bank - 1 Mail SMTP Plugin for WordPress wp-mail-bank allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - 1 Mail SMTP Plugin for WordPress: from n/a through = 4.0.14...
CVE-2023-48332
CVE-2023-48332 describes a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin “Mail Bank – #1 Mail SMTP Plugin for WordPress” (also referenced as wp-mail-bank). Affected versions are 4.0.14 and earlier. The issue arises from incorrectly configured access control s...
WordPress plugin Captcha Bank 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-0610
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2022-3350
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin Contact Bank 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Gallery Bank plugin <= 4.0.50 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability via Media Upload Module
Authenticated Stored Cross-Site Scripting XSS vulnerability via Media Upload Module discovered by Vishnupriya Ilango Fortinet FortiGuard Labs in WordPress Gallery Bank plugin versions = 4.0.50. Solution Deactivate and delete. This plugin has been closed as of December 9, 2021 and is not available...
Gallery Bank Plugin for WordPress < 2.0.20 XSS
According to its self-reported version, the Gallery Bank Plugin for WordPress running on the remote web server is prior to 2.0.20. It is, therefore, affected by multiple reflected cross-site scripting vulnerabilities. A remote attacker can exploit these issues, via a specially crafted request, to...
WordPress Contact Bank Plugin <= 2.0.225 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Upgrade the plugin...
MyBB Bank- 3 Plugin - SQL Injection
No description provided by source. Exploit Title: Bank v3 MyBB plugin SQLi 0day Exploit Author: RedHat NullSec Software Link: http://mods.mybb.com/download/bank-v3 Tested on: Windows & Linux. Vulnerable code : ?php $user=$POST'rusername'; $pay=intval$POST'rpay'; $queryr=$db-querySELECT FROM...
Cross site scripting
Cross-site scripting XSS vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information...
CVE-2014-3841
The CVE-2014-3841 issue affects the WordPress Contact Bank Plugin (pre-2.0.20). The vulnerability is a stored/reflected XSS via the Label field tied to the plugin’s form layout configuration, allowing remote attackers to inject arbitrary script/HTML. Root cause: improper handling of input in the ...