16 matches found
CVE-2020-36704
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2020-36704
The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2020-36704
CVE-2020-36704 (WordPress Fruitful Theme) is a stored XSS vulnerability affecting versions up to and including 3.8.1. The issue arises from insufficient input sanitization and output escaping in parameters stored via the fruitful_theme_options_action AJAX action. Exploitation requires authenticat...
WordPress Theme Fruitful 跨站脚本漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...
WordPress Fruitful theme <= 3.8.1 - Authenticated Theme Options Deletion vulnerability
Authenticated Theme Options Deletion vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...
Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion
The lack of capability and nonce checks in the fruitfuldatasave ajax call could allow attacker to perform stored XSS attack using a low privilege account. "Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated users: fruitfulresetbtn: thi...
WordPress Fruitful theme <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...
WordPress Theme Fruitful Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Theme Fruitful, which can be...
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Category : Webapps Software Link:...
WordPress Fruitful theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Behzad Khalifeh and Milad Ranjbar in WordPress Fruitful theme versions = 3.8. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.1...
WordPress Fruitful 3.8 Cross Site Scripting
Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...
Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" PoC Ad...
Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" Add a...
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting
WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Lin...
WordPress Zoner Real Estate Theme 4.1.1 Cross Site Scripting
Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...