WordPress plugin Insert PHP Code Snippet 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Insert PHP Code Snippet Plugin <= 1.3.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Insert PHP Code Snippet Type Plugin Vulnerable versions = 1.3.6 Fixed in 1.3.7 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43275 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID f6953adb666a Credits Rafie...

Code-Projects Simple Ticket Booking SQL注入漏洞

Code-Projects Simple Ticket Booking is a simple ticket booking system from Code-Projects open source. Code-Projects Simple Ticket Booking version 1.0 has a SQL injection vulnerability that originates from the name/email/dob/password/Gender/ phone parameter in the Registration Handler component of...

PT-2024-23740 · Unknown +1 · Adsense Ads +1

Name of the Vulnerable Software and Affected Versions: Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress versions up to, and including, 2.5.0 Description: The issue allows for Remote Code Execution via the insert php shortcode due to the lack of restrictions on its...

CVE-2024-0658

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible f...

WordPress Plugin Insert PHP Code Snippet Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVE-2023-31942

Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php...

Online Travel Agency System 跨站脚本漏洞

Online Travel Agency System is an online travel agency system. Online Travel Agency System v1.0 version of a cross-site scripting vulnerability, the vulnerability stems from the insert.php parameter description of the user-supplied data lack of effective filtering and escaping, an attacker can...

WordPress insert-php plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress insert-php plugin versions prior to 2.2.8. The...

CVE-2019-16289

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

Design/Logic Flaw

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

CVE-2019-16289

CVE-2019-16289 concerns the WordPress plugin insert-php (Woody ad snippets) , affected versions prior to 2.2.8. The vulnerability allows authenticated Cross-Site Scripting (XSS) through the winp_item parameter . Red Hat and CVE listings consistently describe the issue as an authenticated XSS flaw...

CVE-2019-16289

The insert-php aka Woody ad snippets plugin before 2.2.8 for WordPress allows authenticated XSS via the winpitem parameter...

WordPress 4.7.0 / 4.7.1 Plugin Insert PHP - PHP Code Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage:...

WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection

Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage: https://fr.wordpress.org/plugins/insert-php/ Tested on: MSWin32 Version: 3.3.1 Explanation :...

WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection

WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage:...

SPiD 1.3.1 Scan_Lang_Insert.PHP Local File Include Vulnerability

No description provided by source...

Directory traversal

Directory traversal vulnerability in scanlanginsert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter...