38 matches found
CVE-2023-2404
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...
PT-2023-19373 · Vcita · Crm/Lead Management By Vcita
Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. Th...
PT-2023-18822 · Vcita · Contact Form/Calls To Action
Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output...
CVE-2022-1239
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...
CVE-2022-1239
The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the editposts capability by default contributor and above to perform SSRF attacks...
WordPress plugin HubSpot 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress HubSpot plugin prior to 8.8.15 are vulnerable to server-side request...
WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin < 3.3.33 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin versions 3.3.33. Solution Update the WordPress "ACF Frontend – Add and edit posts, pages, users and more all from the frontend" plugin to...
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Götterhuber blocks...
The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.
The vulnerability of the editposts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely using metashells...
CVE-2022-24664
PHP Everywhere = 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts...
WordPress 插件跨站脚本漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A cross-site scripting vulnerability exists in the WordPress Podcast Subscribe Buttons plugin in versions prior to 1.4.2, which stems from a lack of checksum filtering of user-supplied data and output...
CVE-2021-24585
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...
PT-2021-22030 · WordPress · The Gutenberg Template Library & Redux Framework
Name of the Vulnerable Software and Affected Versions: The Gutenberg Template Library & Redux Framework plugin versions prior to 4.2.12 Description: The issue concerns an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route. Specifically, t...
CVE-2021-24207
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages...
DEBIAN-CVE-2015-5623
WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
CVE-2015-5623
WordPress before 4.2.3 does not properly verify the editposts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscriber role, as demonstrated by a post-quickdraft-save action to wp-admin/post.php...
DEBIAN-CVE-2010-5106
The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...
CVE-2008-0664
The XML-RPC implementation xmlrpc.php in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors...