586 matches found
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions...
CVE-2022-45836
CVE-2022-45836 affects W3 Eden, Inc. Download Manager plugin for WordPress, version 3.2.59 and earlier. The connected PT-Security entry specifies an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in this plugin, exploitable without authentication. The issue is mitigated by upg...
CVE-2023-23979
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions...
CVE-2023-23979
The CVE-2023-23979 entry concerns the WordPress Quick Event Manager plugin (Fullworks) with an unauthenticated Stored Cross-Site Scripting (XSS) vulnerability affecting versions prior to 9.7.5. The issue is tied to improper handling of input (e.g., the "yourname" parameter) leading to XSS. No exp...
CVE-2022-47154 WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce plugin <= 2.4.49 versions...
Debian: Security Advisory (DSA-1976-1)
The remote host is missing an update for the Debian...
CVE-2023-0144 Event Manager and Tickets Selling Plugin for WooCommerce < 3.8.0 - Contributor+ Stored XSS
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-26329
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows an attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
Privilege escalation
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows an attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL...
WordPress Quick Event Manager Plugin <= 9.7.4 is vulnerable to Cross Site Scripting (XSS)
Software: Quick Event Manager; Type: Plugin; Vulnerable versions: <= 9.7.4; Fixed in: 9.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-23979; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Fullworks Plugins; PSID: c7609f23707d; Credits: yuyudhn...
Cross site scripting
The Download Manager WordPress plugin before 3.2.62 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks against logged-in admins...
CVE-2022-4755
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...
Cross site scripting
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...
CVE-2022-4755
FlatPress vulnerability CVE-2022-4755 affects the Mediamanager plugin’s panel.mediamanager.file.php main function. The issue arises from unvalidated handling of the mm-newgallery-name argument, enabling cross-site scripting. Exploitation may be remote; patch d3f329496536dc99f9707f2f295d571d65a496...
CVE-2022-4755 FlatPress Media Manager Plugin panel.mediamanager.file.php main cross site scripting
A vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scriptin...
FlatPress Cross-Site Scripting Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. FlatPress has a cross-site scripting vulnerability; the vulnerability stems from a problem with the function main in the fp-plugins/mediamanager/panels/panel.mediamanager.file.php file of the component...
CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
FlatPress < 1.3 Multiple Vulnerabilities
FlatPress is prone to multiple vulnerabilities.
CVE-2022-26366
Cross-Site Request Forgery (CSRF) in AdRotate Banner Manager Plugin = 5.9 on WordPress...