73 matches found
CVE-2023-52131 WordPress Page Generator Plugin <= 1.7.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WP Zinc Page Generator.This issue affects Page Generator: from n/a through 1.7.1...
CVE-2023-45644
CVE-2023-45644: Authenticated (admin+) Stored Cross-Site Scripting in the CPT Shortcode Generator plugin prior to or at version 1.0. Root cause details are not explicitly stated in the provided documents, but the vulnerability is described as a stored XSS affecting admin-level contexts. Public ex...
CVE-2023-34022
CVE-2023-34022 affects the WordPress Dynamic QR Code Generator plugin (versions
CVE-2023-33329
Auth. admin+ Reflected Cross-Site Scripting XSS vulnerability in Hijiri Custom Post Type Generator plugin = 2.4.2 versions...
CVE-2023-33329 WordPress Custom Post Type Generator Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Reflected Cross-Site Scripting XSS vulnerability in Hijiri Custom Post Type Generator plugin = 2.4.2 versions...
CVE-2023-35038 WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in wpexperts.Io WP PDF Generator plugin = 1.2.2 versions...
CVE-2023-35038
Summary (CVE-2023-35038) Cross-Site Request Forgery (CSRF) in the WordPress plugin WP PDF Generator (wpexperts.Io) versions
WordPress Plugin Float menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...
CVE-2023-2607
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-2607 Multiple Page Generator Plugin <= 3.3.17 - Authenticated (Administrator+) SQL Injection
The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2023-31233
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Haoqisir Baidu Tongji generator plugin = 1.0.2 versions...
CVE-2023-31233
CVE-2023-31233 affects the Baidu Tongji generator WordPress plugin (
CVE-2022-47143
Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin = 3.3.9 versions...
CVE-2022-47143
CVE-2022-47143 is a CSRF vulnerability in Themeisle’s MPG Plugin (WordPress) versions
CVE-2022-47143 WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin = 3.3.9 versions...
SUSE CVE-2016-6631
An issue was discovered in phpMyAdmin. A user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file...
CVE-2022-4321
The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin...
CVE-2022-2100
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
WordPress Page Generator plugin <= 1.6.5 - Arbitrary Keywords Deletion/Duplication via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Keywords Deletion/Duplication via Cross-Site Request Forgery CSRF vulnerability discovered by WPScanTeam in WordPress Page Generator plugin versions = 1.6.5. Solution Update the WordPress Page Generator plugin to the latest available version at least 1.6.6...