66 matches found
CVE-2024-12566 Email Subscribers < 5.7.45 - Admin+ Stored XSS
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in...
CVE-2024-6393 NextGEN Gallery < 3.59.5 - Admin+ Stored XSS
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
Exploit for: GravCMS 1.10.7 - Arbitrary YAML Write/...
CVE-2024-5604 Bug Library < 2.1.2 - Admin+ Stored XSS
The Bug Library WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-2696 Swift Framework < 2024.04.30 - Admin+ Stored XSS via Settings
The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-0974 Social Media Widget < 4.0.9 - Admin+ Stored XSS
The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-6130 Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.26 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2024-37129 · Zen Cart · Zen Cart
Name of the Vulnerable Software and Affected Versions: Zen Cart (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Zen Cart. The specific flaw exists within the findPluginAdminPage function, resulting from the lac...
CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-1589 SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin Admin side data storage for Contact Form security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-28618
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions...
CVE-2023-28618 WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions...
CVE-2023-28618
CVE-2023-28618 is a CSRF vulnerability in the WordPress plugin “Enhanced Plugin Admin” (versions
PT-2023-21851 · Unknown · Marios Alexandrou Enhanced Plugin Admin
Name of the Vulnerable Software and Affected Versions: Marios Alexandrou Enhanced Plugin Admin plugin versions <= 1.16. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress Plugin Enhanced Plugin Admin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...