849 matches found

WPVulnDB
added 2022/05/23 12:0 a.m., 17 views

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. PoC...

8.8 CVSS, 4.4 AI score, 0.00597 EPSS
Exploits: 2, Affected Software: 1

wpexploit
added 2022/05/09 12:0 a.m., 96 views

No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting

The plugin does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. Put the following payload in any of the plugin's settings such as Exclude posts IDs and save: " autofocus onfocus=alert/XSS///...

4.8 CVSS, 0.8 AI score, 0.00565 EPSS
Exploits: 2

OpenVAS
added 2022/05/06 12:0 a.m., 15 views

WordPress Responsive Menu Plugin < 4.1.8 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:expresstech:responsivemenu"; ifdescription...

8.8 CVSS, 8.8 AI score, 0.01262 EPSS
Exploits: 0, References: 1

OSV
added 2022/05/02 8:15 p.m., 2 views

CVE-2022-29444

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

5.4 CVSS, 5.9 AI score, 0.00527 EPSS
Exploits: 0, References: 2

Prion
added 2022/05/02 8:15 p.m., 17 views

Cross site scripting

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wpajax actions in the class BreezeConfiguration which includes the ability to change any of the plugin'...

3.5 CVSS, 5.3 AI score, 0.00527 EPSS
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/05/02 12:0 a.m., 3 views

WordPress plugin Cloudways Breeze cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Cloudways Breeze plugin 2.0.2 and earlier versions have a cross-site scripting vulnerabilit...

6.5 CVSS, 5.6 AI score, 0.00527 EPSS
Exploits: 0, References: 4

NVD
added 2022/04/29 5:15 p.m., 17 views

CVE-2022-29414

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

5.8 CVSS, 0.00364 EPSS
Exploits: 0, References: 2

OSV
added 2022/04/25 5:15 p.m., 2 views

CVE-2022-29417

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

4.3 CVSS, 5.8 AI score, 0.00582 EPSS
Exploits: 0, References: 2

NVD
added 2022/04/25 5:15 p.m., 14 views

CVE-2022-29417

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

4.3 CVSS, 0.00582 EPSS
Exploits: 0, References: 2

Prion
added 2022/04/25 5:15 p.m., 18 views

Code injection

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

4 CVSS, 4.5 AI score, 0.00582 EPSS
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2022/04/25 4:42 p.m., 6 views

CVE-2022-29417 WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

4.3 CVSS, 4.5 AI score, 0.00582 EPSS
Exploits: 0, References: 2

CVE
added 2022/04/25 4:42 p.m., 77 views

CVE-2022-29417

Summary: CVE-2022-29417 affects the WordPress ShortPixel Adaptive Images plugin (versions

4.3 CVSS, 4.5 AI score, 0.00582 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/04/25 4:42 p.m., 24 views

CVE-2022-29417 WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings...

4.3 CVSS, 4.8 AI score, 0.00582 EPSS
Exploits: 0, References: 2

Patchstack
added 2022/04/25 12:0 a.m., 28 views

WordPress ShortPixel Adaptive Images plugin <= 3.3.1 - Subscriber+ Plugin Settings Update vulnerability

Subscriber+ Plugin Settings Update vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress ShortPixel Adaptive Images plugin (versions <= 3.3.1). Solution: Update the WordPress ShortPixel Adaptive Images plugin to the latest available version (at least 3.4.0)...

4.3 CVSS, 3.5 AI score, 0.00582 EPSS
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2022/04/25 12:0 a.m., 3 views

PT-2022-19590 · WordPress · Shortpixel Adaptive Images

Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images plugin versions 3.3.1 and earlier Description: The issue allows an attacker with a low user role, such as a subscriber or higher, to change the plugin settings. Recommendations: For versions 3.3.1 and earlier, updat...

4.3 CVSS, 4.4 AI score, 0.00582 EPSS
Exploits: 0, References: 5

BDU FSTEC
added 2022/04/19 12:0 a.m., 2 views

The vulnerability of the McAfee WebAdvisor antivirus protection plugin for browsers Chrome and Edge, related to access control deficiencies, allows a malicious actor to gain access to the plugin settings and other system information of the user.

The vulnerability of the McAfee WebAdvisor antivirus protection plugin for browsers Chrome and Edge is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the plugin settings and other system information of the...

7.5 CVSS, 7.2 AI score, 0.00959 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2022/04/18 6:15 p.m., 2 views

CVE-2022-1112

The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored Cross-Site scripting against a logged in admin via a CSRF attack...

5.4 CVSS, 5.8 AI score, 0.00298 EPSS
Exploits: 1, References: 1

WPVulnDB
added 2022/04/05 12:0 a.m., 24 views

WP-Appbox < 4.4.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...

4.8 CVSS, 2.9 AI score, 0.00565 EPSS
Exploits: 0, Affected Software: 1

0day.today
added 2022/03/30 12:0 a.m., 221 views

Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting Vulnerability

Exploit Title: Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS) Author: Milad karimi Software Link: https://www.drupal.org/project/avataruploader Version: v7.x-1.0-beta8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates an avatar_uploader from any post types. The...

7.4 AI score
Exploits: 0

OSV
added 2022/03/28 6:15 p.m., 2 views

CVE-2022-0818

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin...

6.1 CVSS, 5.8 AI score
Exploits: 0, References: 1