7 matches found
PT-2024-37429 · WordPress · Unlimited Elements For Elementor
Name of the Vulnerable Software and Affected Versions: The Unlimited Elements For Elementor plugin versions up to, and including, 1.5.112 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This...
CVE-2018-9169
Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...
CVE-2018-9169
Z-BlogPHP 1.5.1 has XSS via the zbusers/plugin/AppCentre/pluginedit.php appid parameter. The component must be accessed directly by an administrator, or through CSRF...
Z-BlogPHP Arbitrary PHP Code Execution Vulnerability
Z-BlogPHP is an open source PHP-based blog system developed by the Z-Blog community. plugin upload component is one of the plugin upload components. A security vulnerability exists in the plugin upload component in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sendi...
Z-BlogPHP Cross-Site Scripting Vulnerability (CNVD-2018-08697)
Z-BlogPHP is an open source PHP-based blogging system developed by the Z-Blog community. A cross-site scripting vulnerability exists in Z-BlogPHP version 1.5.1. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the zbusers/plugin/AppCentre/pluginedit.php file to...
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero has CSRF in pluginedit.php, resulting in the ability to execute arbitrary PHP code...