100 matches found
CVE-2024-13852 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...
CVE-2024-13852 Option Editor <= 1.0 - Cross-Site Request Forgery to Arbitrary Options Update
The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the pluginpage function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, grant...
CVE-2024-13661
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-13661 Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Table Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wptableeditorvtabs' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2022-2446
The WP Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'currentthemeroot' parameter in versions up to, and including 1.2.9. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper that will...
WordPress WP Editor plugin <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization vulnerability
Authenticated Admin+ PHAR Deserialization vulnerability discovered by Rasoul Jahanshahi in WordPress Plugin WP Editor versions = 1.2.9...
WordPress WP Editor Plugin <= 1.2.9 is vulnerable to PHP Object Injection
Software WP Editor Type Plugin Vulnerable versions = 1.2.9 Fixed in 1.2.9.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-2446 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 2c7bc2d905b6 Credits Rasoul Jahanshahi Required privilege...
PT-2024-18232 · WordPress · Custom Woocommerce Checkout Fields Editor
Name of the Vulnerable Software and Affected Versions: Custom WooCommerce Checkout Fields Editor plugin for WordPress versions up to, and including, 1.3.1 Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save wcfe...
WordPress Plugin WP Editor Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
CVE-2024-1095
The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...
CVE-2024-24701 WordPress Setka Editor Plugin <= 2.1.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...
WordPress plugin WP Smart Editor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2021-24151 WP Editor < 1.2.7 - Authenticated SQL injection
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
CVE-2023-45276
Cross-Site Request Forgery CSRF vulnerability in automatededitor.Com Automated Editor plugin = 1.3 versions...
CVE-2023-45276
CVE-2023-45276 : CSRF in the WordPress plugin Automated Editor (Automated Editor) for versions
CVE-2023-1982
The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-31541
A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server...
CVE-2022-33961
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WaspThemes Visual CSS Style Editor plugin = 7.5.8 versions...
CVE-2022-43770
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API...