127 matches found
CVE-2023-22694 WordPress BigContact Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin = 1.5.8 versions...
CVE-2023-22694
CVE-2023-22694 is a CSRF vulnerability in the WordPress BigContact Contact Page plugin versions ≤ 1.5.8. Public sources describe unauthenticated CSRF impacting plugin settings updates; the patch status in the provided documents indicates the issue remains unpatched for BigContact ≤ 1.5.8, with pa...
CVE-2023-24395 WordPress Contact Form 7 Redirect & Thank You Page Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin = 1.0.3 versions...
CVE-2023-24395
CVE-2023-24395 affects the WordPress plugin “Scott Paterson Contact Form 7 Redirect & Thank You Page” (≤ 1.0.3). The vulnerability is Cross-Site Request Forgery (CSRF) that could enable unauthorized actions on behalf of an authenticated user. Public sources indicate the issue has been fixed in ve...
CVE-2015-10119
CVE-2015-10119 affects the WordPress View All Posts Page Plugin up to version 0.9.0. The issue resides in the action_admin_notices_activation function and enables cross-site scripting, with remote initiation possible. A fix is available in version 0.9.1; apply upgrade to address the vulnerability...
CVE-2015-10119 View All Posts Page Plugin view-all-posts-pages.php action_admin_notices_activation cross site scripting
A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function actionadminnoticesactivation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiat...
CVE-2023-22720
CVE-2023-22720 affects the WordPress plugin WP Links Page by Robert Macchi. Versions ≤ 4.9.3 are vulnerable to a Stored XSS due to inadequate input handling. The vulnerability impact is described in the CVE as cross-site scripting, with a PatchSTACK entry noting the fix in version 4.9.4 . No expl...
WordPress plugin WP Links Page 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2023-24398
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Snap Creek Software EZP Coming Soon Page plugin = 1.0.7.3 versions...
CVE-2023-24398
CVE-2023-24398 affects the WordPress EZP Coming Soon Page plugin prior to version 1.0.7.4 (<=1.0.7.3). The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) in the plugin. Root cause: stored XSS under admin privileges, allowing injection that could affect site visito...
CVE-2022-4754
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin...
CVE-2022-4754
CVE-2022-4754 affects the WordPress plugin Easy Social Box / Page Plugin (
WordPress plugin Social Like Box and Page by WpDevArt 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
Cross site scripting
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4675
The CVE-2022-4675 entry concerns the WordPress plugin The Mongoose Page Plugin, prior to version 1.9.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation and escaping of a shortcode attribute, enabling users with as little as Contributor role to injec...
CVE-2022-4675 Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
PT-2023-15011 · WordPress · Mongoose Page Plugin
Name of the Vulnerable Software and Affected Versions: Mongoose Page Plugin WordPress plugin versions prior to 1.9.0 Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the Mongoose Page Plugin, potentially allowing users with a role as low as...
Mongoose Page Plugin < 1.9.0 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: facebook-page-plugin href='test.js' method='sdk' language='" onerror="alert1"'...