3470 matches found
CVE-2021-39334
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary...
CVE-2021-39344
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary w...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a security vulnerability that stems from insufficient input validation and cleanup of several parameters found in the /admin/jobsfunction.php file of the job-portal plugin, which is susceptible ...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability: the HAL plugin is vulnerable to stored cross-site scripting due to insufficient input validation and cleanup of several parameters in t...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from insufficient input validation and cleanup of several parameters found in the /admin-jobs.php file of the Job Manager plugin and is vulnerable...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from the WpGenius Job Listing plugin being susceptible to stored cross-site scripting attacks due to insufficient input validation and cleanup. Th...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin is vulnerable to a cross-site scripting vulnerability that arises from insufficient input validation and cleanup in the Job Board Vanila plugin via the psjbexpin and psjbcurrin parameters in the...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin that stems from insufficient input validation and cleanup in the Business Manager plugin, which makes it vulnerable to stored cross-site scripting, allowing an...
PT-2021-22538
Name of the Vulnerable Software and Affected Versions: Business Manager WordPress plugin versions up to and including 1.4.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input validation and sanitization throughout the plugin. This allows attackers with...
CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8...
WordPress Access Control Error Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress SendGrid plugin version 1.11.8 and earlier is vulnerable to an access control error, which stems fro...
VulnCheck KEV: CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistics for a WordPress multi-site main site, in versions up to and including 1.11.8...
CVE-2021-24366 Admin Columns Free < 4.3 & Pro < 5.5.1 - Admin+ Stored XSS in Label
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe...
Insecure Spam Embeds
WordPress allows for insecure spam embeds. It does not properly disable spam embeds from deleted/archived/spam sites on a multisite network...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
DEBIAN-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
UBUNTU-CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
Design/Logic Flaw
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed...
CVE-2020-28033
WordPress CVE-2020-28033 affects WordPress before 5.5.2 on multisite networks. The vulnerability stems from how embeds from disabled sites are handled, allowing a spam embed to be processed. Connected sources confirm WordPress 5.5.2 addressed this issue by hardening or disabling spam embeds on mu...