115 matches found
CVE-2023-2309
The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability...
CVE-2023-2324 Elementor Forms Google Sheet Connector < 1.0.7 - Reflected XSS
The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high...
WP Backup Manager <= 1.13.1 - Reflected XSS
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress Plugin Active Directory Integration 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
ConvertKit < 2.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
Loginizer 1.7.8 - Reflected XSS
The plugin does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open a page with the code below...
CVE-2023-29211
CVE-2023-29211 affects XWiki Commons. The vulnerability allows any user with view rights WikiManager.DeleteWiki to execute arbitrary Groovy, Python, or Velocity code, granting full access to the XWiki installation. Root cause is improper escaping of the wikiId URL parameter. Patches are available...
WordPress plugin Calculated Fields Form 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
PT-2023-20322 · Sequelize · Sequelize
Name of the Vulnerable Software and Affected Versions: Sequelize versions prior to 6.19.1 Description: The issue is related to SQL injection due to improper escaping of parameters passed through replacements. This can lead to arbitrary SQL injection depending on the specific queries in use. For...
Sequelize SQL注入漏洞
Sequelize is a database ORM Object Relational Mapping tool for Node.js. A security vulnerability exists in Sequelize versions prior to 6.19.1, which stems from an SQL injection vulnerability due to not properly escaping parameters...
CVE-2023-0098
The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL injection exploitable by low privilege users such as subscriber...
WordPress plugin Hide My WP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress plugin Top 10 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin The Easy Bootstrap Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Sitemap 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress plugin Login Logout Menu 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-25692 · WordPress · Iws Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: IWS WordPress plugin version 1.0 Description: The issue arises from the improper escaping of a parameter before its use in a SQL statement via an AJAX action. This AJAX action is available to unauthenticated users, leading to an unauthenticat...
WordPress plugin Buddybadges SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
WordPress HTML Forms plugin SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress plugin WordPress Classifieds Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...