WordPress Plugin MainWP Code Snippets Extension 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2023-19103 · Mainwp · Mainwp Code Snippets Extension

Name of the Vulnerable Software and Affected Versions: MainWP MainWP Code Snippets Extension plugin versions prior to 4.0.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by authenticated users with subscriber or higher...

MainWP Code Snippets Extension < 4.0.3 - Subscriber+ Stored XSS

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting attacks...

MainWP Code Snippets Extension < 4.0.3 - Subscriber+ PHP Objection Injection

The plugin unserializes user input, which could allow any authenticated users, such as subscriber to perform PHP Object Injection...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23650 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 27d865081452 Credits Dave...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Broken Access Control

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-23655 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e9535c2d9219 Credits Dave Jon...

WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Arbitrary Code Execution

Software MainWP Code Snippets Extension Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A1: Injection Classification Arbitrary Code Execution CVE CVE-2023-23645 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID bd9b1b1be741 Credits Dave Jong Patchstack...

WordPress Code Snippets Plugin < 2.14.0 CSRF Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Woody Code Snippets plugin <= 2.4.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Woody Code Snippets plugin versions = 2.4.5. Solution Update the WordPress Woody Code Snippets plugin to the latest available version at least 2.4.6...

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting PoC https://example.com/wp-admin/edit.php?posttype=wbcr-snippets=import-wbcrinsertphp"...

Woody Code Snippets < 2.4.6 - Reflected Cross-Site Scripting

The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting https://example.com/wp-admin/edit.php?posttype=wbcr-snippets&page=import-wbcrinsertphp&a"alert/XSS/...

WordPress Code Snippets Plugin <= 2.14.3 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Code Snippets plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets plugin cross-site scripting vulnerability, which originates from the &orderby paramet...

WordPress Code Snippets Extended Cross-Site Request Forgery Vulnerability (CNVD-2022-49396)

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Code Snippets Extended is vulnerable to cross-site request forgery, which can be exploited by...

WordPress Code Snippets Extended跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Code...

CVE-2022-25617

Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...

CVE-2022-25617

Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...

Cross site scripting

Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...

CVE-2022-25617 WordPress Code Snippets plugin <= 2.14.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...

CVE-2022-25617

The CVE-2022-25617 entry refers to a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress Code Snippets plugin up to version 2.14.3, exploitable via the &orderby parameter. Affected software: Code Snippets plugin for WordPress (