6 matches found
Server-Side Request Forgery
seo-by-rank-math is vulnerable to server-side request forgery. The vulnerability exists in the archiveredirect function in class-frontend.php because it doesn't properly validate URLs, which allows a remote attacker to cause an SSRF bypass via a crafted URL...
CVE-2022-1961
The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file, which allowed attackers with administrative user access to inject arbitrary web...
Cross site scripting
The Google Tag Manager for WordPress GTM4WP plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the gtm4wp-optionsscroller-contentid parameter found in the /public/frontend.php file, which allowed attackers with administrative user access to inject arbitrary web...
Cross-site Request Forgery (CSRF)
bolt/bolt is vulnerable to cross-site request forgery. The vulnerability exists because the preview-generating endpoint in src/Controller/Frontend.php accepts requests without a valid token, which allows an attacker to inject and execute arbitrary JavaScript...
beafordoldarchive.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-364036

Description| Value
---|---
Affected Website:| beafordoldarchive.org.uk
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Preventio...
instantCMS 1.6 /components/search/frontend.php code execution vulnerability
No description provided by source...