Lucene search
K

16 matches found

NVD
NVD
added 2023/06/07 2:15 a.m.27 views

CVE-2020-36704

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS5.7AI score0.005EPSS
Exploits1References2
OSV
OSV
added 2023/06/07 2:15 a.m.6 views

CVE-2020-36704

The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters stored via the fruitfulthemeoptionsaction AJAX action in versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

5.4CVSS5.9AI score
Exploits0References2
CVE
CVE
added 2023/06/07 1:51 a.m.39 views

CVE-2020-36704

CVE-2020-36704 (WordPress Fruitful Theme) is a stored XSS vulnerability affecting versions up to and including 3.8.1. The issue arises from insufficient input sanitization and output escaping in parameters stored via the fruitful_theme_options_action AJAX action. Exploitation requires authenticat...

6.4CVSS5AI score0.005EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.4 views

WordPress Theme Fruitful 跨站脚本漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress Theme Fruitful version 3.8.1 and prior...

6.4CVSS5.4AI score0.005EPSS
Exploits1References3
Patchstack
Patchstack
added 2021/03/13 12:0 a.m.8 views

WordPress Fruitful theme <= 3.8.1 - Authenticated Theme Options Deletion vulnerability

Authenticated Theme Options Deletion vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...

2.8AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/13 12:0 a.m.13 views

Fruitful < 3.8.2 - Authenticated Stored XSS & Theme Options Deletion

The lack of capability and nonce checks in the fruitfuldatasave ajax call could allow attacker to perform stored XSS attack using a low privilege account. "Three other AJAX actions that should be accessible to the administrator only are accessible to any authenticated users: fruitfulresetbtn: thi...

3AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2020/03/13 12:0 a.m.10 views

WordPress Fruitful theme <= 3.8.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by NinTechNet in WordPress Fruitful theme versions = 3.8.1. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.2...

2AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/02/20 12:0 a.m.2 views

WordPress Theme Fruitful Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in WordPress Theme Fruitful, which can be...

5.9AI score
Exploits0References1
0day.today
0day.today
added 2020/02/18 12:0 a.m.308 views

WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Category : Webapps Software Link:...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2020/02/17 12:0 a.m.13 views

WordPress Fruitful theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Behzad Khalifeh and Milad Ranjbar in WordPress Fruitful theme versions = 3.8. Solution Update the WordPress Fruitful theme to the latest available version at least 3.8.1...

1.8AI score
Exploits0References2Affected Software1
Packet Storm
Packet Storm
added 2020/02/17 12:0 a.m.172 views

WordPress Fruitful 3.8 Cross Site Scripting

Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...

0.1AI score
Exploits0
WPVulnDB
WPVulnDB
added 2020/02/17 12:0 a.m.18 views

Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" PoC Ad...

0.4AI score
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2020/02/17 12:0 a.m.14 views

Fruitful Theme < 3.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

The Fruitful WordPress theme, version 3.8 and possibly below, was affected by an unauthenticated Reflected Cross-Site Scripting XSS vulnerability. The vulnerability was patched in version 3.8.1 of the Theme, although the changelog file only mentions: "Bug fix: Fixed issues on comment form" Add a...

0.1AI score
Exploits0References3
Exploit DB
Exploit DB
added 2020/02/17 12:0 a.m.163 views

WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting

Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Link: https://downloads.wordpress.org/theme/fruitful.3.8.zip Vendo...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2020/02/17 12:0 a.m.46 views

WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting

WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Exploit Title: WordPress Theme Fruitful 3.8 - Persistent Cross-Site Scripting Dork: intext:"Fruitful theme by fruitfulcode Powered by: WordPress" intext:"Comment" intext:"Leave a Reply" Date: 2020-02-14 Category : Webapps Software Lin...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2019/09/27 12:0 a.m.256 views

WordPress Zoner Real Estate Theme 4.1.1 Cross Site Scripting

Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder