40 matches found
WordPress QR Code Tag for WC plugin <= 1.9.42 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin QR Code Tag for WC versions <= 1.9.42...
PT-2025-15022 · Unknown · Qr Code Tag For Wc
Name of the Vulnerable Software and Affected Versions: QR Code Tag for WC versions 1.9.36 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue affects the QR Code Tag for WC, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.9.36 and...
MAL-2025-1713 Malicious code in airbnb-internal (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-12035 Malicious code in scalavex (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f2c3e20b9de8d5df626f2290f08c5a19243ce682e61ef5b05fc6796febf73e30 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from not marking the code tag of a poisoned page as empty...
QR Code Tag <= 1.0 - Contributor+ Stored XSS
Description: The plugin does not validate and escape some of its qrcodetag shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-5567
The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
PT-2023-32182 · WordPress · Qr Code Tag
Name of the Vulnerable Software and Affected Versions: QR Code Tag plugin for WordPress versions up to, and including, 1.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the 'qrcodetag' shortcode, allowing authenticated...
WordPress QR Code Tag Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software: QR Code Tag; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5567; Patch priority: Low; CVSS severity: Low (6.5); PSID: e1f923c2a1cd; Credits: Lana Codes; Required privilege...
WordPress Plugin QR Code Tag Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
RemShutdown 2.9.0.0 - Name Denial of Service (PoC)
RemShutdown 2.9.0.0 - Name Denial of Service PoC Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested o...
SpotIM 2.2 - 'Name' Denial Of Service
Exploit Title: SpotIM 2.2 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotimsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
phpList 2.10.x - 'email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47580/info PHPList is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
FreeBSD - 'pseudofs' Null Pointer Dereference Privilege Escalation
/ source: https://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / define SYSENT8SYCALLADDR 0xc0c4afa4 / FreeBSD 7.2-RELEASE / define...
PolyPager 1.0rc10 - 'FCKeditor' Arbitrary File Upload
Exploit database separated by exploit type (local, remote, DoS, etc.). Site: Inj3ct0r.com. Support e-mail: submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team. Vendor:...
Novell eDirectory 9.0 - DHost Remote Buffer Overflow
Novell eDirectory 9.0 - DHost Remote Buffer Overflow. 30\10\06. There are doors I have yet to open, windows I have yet to look through. Going forward may not be the answer...
timberland.txt
There's a vulnerability in Timberland's search engine. The variable 'keywords' in searchHandler/index.jsp is not correctly sanitized. URL: hxxp://www.timberland.com/searchHandler/index.jsp?keywords=XSS Code Example: hxxp://www.timberland.com/searchHandler/index.jsp?keywords=alert'test'; Author: O...
Invision Power Board (IP.Board) 1.x/2.0.3 - SML Code Script Injection
source: https://www.securityfocus.com/bid/12607/info Invision Power Board is reported prone to a JavaScript injection vulnerability. It is reported that the SML Code 'COLOR' tag is not sufficiently sanitized of malicious script content. Since this could permit an attacker to inject hostile...
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM
Hat-Squad Advisory: SQL injection and XSS Vulnerabilities in HELM November 2, 2004 Product: HELM Web Hosting Control Panel Vendor URL: http://helm.webhostautomation.com Version: HELM 3.1.19 and lower Vulnerability: SQL injection and XSS Release Date: November 2, 2004 Vendor Status: Informed on 28...