3476 matches found
CVE-2021-39345
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...
CVE-2021-39336
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...
CVE-2021-39335
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...
CVE-2021-39332
The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This...
CVE-2021-39338
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, i...
CVE-2021-39334
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary...
CVE-2021-39337
The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...
CVE-2021-39344
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary w...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from the HAL plugin's vulnerability to stored cross-site scripting due to insufficient input validation and cleanup due to several parameters in t...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from insufficient input validation and cleanup of several parameters found in the /admin-jobs.php file of the Job Manager plugin and is vulnerable...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site scripting vulnerability that stems from the WpGenius Job Listing plugin being susceptible to stored cross-site scripting attacks due to insufficient input validation and cleanup. Th...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin is vulnerable to a cross-site scripting vulnerability that arises from insufficient input validation and cleanup in the Job Board Vanila plugin via the psjbexpin and psjbcurrin parameters in the...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin that stems from insufficient input validation and cleanup in the Business Manager plugin, which makes it vulnerable to stored cross-site scripting, allowing an...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a security vulnerability that stems from insufficient input validation and cleanup of several parameters found in the /admin/jobsfunction.php file of the job-portal plugin, which is susceptible ...
PT-2021-22538
Name of the Vulnerable Software and Affected Versions: Business Manager WordPress plugin versions up to and including 1.4.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input validation and sanitization throughout the plugin. This allows attackers with...
CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...
WordPress 访问控制错误漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress SendGrid plugin version 1.11.8 and earlier is vulnerable to an access control error, which stems fro...
VulnCheck KEV: CVE-2021-34629
The SendGrid WordPress plugin is vulnerable to authorization bypass via the getajaxstatistics function found in the /lib/class-sendgrid-statistics.php file which allows authenticated users to export statistic for a WordPress multi-site main site, in versions up to and including 1.11.8...
CVE-2021-24366 Admin Columns Free < 4.3 & Pro < 5.5.1 - Admin+ Stored XSS in Label
The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowe...
Insecure Spam Embeds
wordpress allows for insecure spam embeds. It doe not properly disable spam embeds from deleted/archived/spam sites on a multisite network...