15 matches found
EUVD-2014-3819
Malware in sbrugna...
WordPress Login Rebuilder Cross Site Scripting
Tittle: WordPress Plugin Login Rebuilder " 3. Save the changes to trigger XSS. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/7b356b82-5d03-4f70-b4ce-f1405304bb52...
CVE-2023-2223
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2223 Login Rebuilder < 2.8.1 - Admin+ Stored XSS
The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-18385 · WordPress · Login Rebuilder
Name of the Vulnerable Software and Affected Versions: Login rebuilder WordPress plugin versions prior to 2.8.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
WordPress plugin Login rebuilder 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Login Rebuilder Plugin < 2.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Login Rebuilder Type Plugin Vulnerable versions 2.8.1 Fixed in 2.8.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2223 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b98403680c8c Credits Taurus Omar Required...
Login Rebuilder < 2.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Go to Settings » Login rebuilder 2. In Login...
Login Rebuilder < 2.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC 1. Go to Settings » Login rebuilder 2. In...
CVE-2014-3882
Cross-site request forgery CSRF vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-3882
Cross-site request forgery CSRF vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users...
CVE-2014-3882
CVE-2014-3882 affects the WordPress Login Rebuilder plugin prior to version 1.2.0. It is a Cross-Site Request Forgery (CSRF) vulnerability that could allow remote attackers to hijack the authentication of arbitrary users. A fixed release (1.2.3) was released around 2014-06-24/25, with advisories ...
Login rebuilder vulnerable to cross-site request forgery
Overview Login rebuilder is a plugin for WordPress. Login rebuilder contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the...