Lucene search
K

115 matches found

OSV
OSV
added 2023/07/24 11:15 a.m.2 views

CVE-2023-2309

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability...

6.1CVSS7.3AI score0.00838EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/04 7:23 a.m.18 views

CVE-2023-2324 Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...

6.2AI score0.00458EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2023/06/16 12:0 a.m.17 views

WP Backup Manager <= 1.13.1 - Reflected XSS

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS6AI score0.00382EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.4 views

WordPress Plugin Active Directory Integration 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5CVSS7AI score0.00424EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/05/15 12:0 a.m.12 views

ConvertKit < 2.2.1 - Reflected XSS

The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS8.5AI score0.00458EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/05/02 12:0 a.m.18 views

Loginizer 1.7.8 - Reflected XSS

The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...

6.1CVSS8.5AI score0.00493EPSS
Exploits2Affected Software1
CVE
CVE
added 2023/04/16 6:34 a.m.70 views

CVE-2023-29211

CVE-2023-29211 affects XWiki Commons. The vulnerability allows any user with view rights WikiManager.DeleteWiki to execute arbitrary Groovy, Python, or Velocity code, granting full access to the XWiki installation. Root cause is improper escaping of the wikiId URL parameter. Patches are available...

9.9CVSS9.4AI score0.01193EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/03/24 12:0 a.m.26 views

WordPress plugin Calculated Fields Form 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

4.8CVSS6.6AI score0.00473EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/02/22 12:0 a.m.8 views

PT-2023-20322 · Sequelize · Sequelize

Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 6.19.1 Description: The issue is related to SQL injection due to improper escaping of parameters passed through replacements. This can lead to arbitrary SQL injection depending on the specific queries in use. For...

10CVSS9.5AI score0.01444EPSS
Exploits2References11
CNNVD
CNNVD
added 2023/02/22 12:0 a.m.4 views

Sequelize SQL注入漏洞

Sequelize is a database ORM Object Relational Mapping tool for Node.js. A security vulnerability exists in Sequelize versions prior to 6.19.1, which stems from an SQL injection vulnerability due to not properly escaping parameters...

10CVSS8.6AI score0.01444EPSS
Exploits2References5
OSV
OSV
added 2023/02/13 3:15 p.m.4 views

CVE-2023-0098

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber...

8.8CVSS5.8AI score0.00943EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.7 views

WordPress plugin Hide My WP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

9.8CVSS8.6AI score0.03824EPSS
Exploits5References4
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.3 views

WordPress plugin Top 10 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.4 views

WordPress plugin The Easy Bootstrap Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.4 views

WordPress plugin Sitemap 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/01/23 12:0 a.m.4 views

WordPress plugin Login Logout Menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS5.4AI score0.00534EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.5 views

PT-2022-25692 · WordPress · Iws Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: IWS WordPress plugin version 1.0 Description: The issue arises from the improper escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to an unauthenticat...

9.8CVSS9.8AI score0.04955EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.3 views

WordPress plugin Buddybadges SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

7.2CVSS7.2AI score0.00964EPSS
Exploits2References3
CNVD
CNVD
added 2022/11/30 12:0 a.m.22 views

WordPress HTML Forms plugin SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

7.2CVSS7AI score0.01786EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/10/31 12:0 a.m.13 views

WordPress plugin WordPress Classifieds Plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

9.8CVSS8.5AI score0.05103EPSS
Exploits2References2
Rows per page
Query Builder