849 matches found
Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the text to hover, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, put the following in the plugin's settings: test = "alert/XSS/ Tick the "Enable text hover in...
CVE-2022-0590
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion and plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...
CVE-2022-25602 WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion and plugin settings change discovered in Responsive Menu WordPress plugin versions <= 4.1.7...
CVE-2022-25602
CVE-2022-25602 affects the WordPress Responsive Menu plugin (versions ≤ 4.1.7). A nonce token leak enables arbitrary file upload, theme deletion, and plugin settings changes. Multiple connected sources (Patchstack, WPVulndb, NVD/NVD-derived entries) corroborate the impact and prioritization as a ...
WordPress Responsive Menu plugin <= 4.1.7 - Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability
Nonce token leak leading to arbitrary file upload, theme deletion and plugin settings change vulnerability discovered by Dave Jong (Patchstack) in WordPress Responsive Menu plugin versions <= 4.1.7. Solution: update the WordPress Responsive Menu plugin to the latest available version, at least 4.1.8...
Responsive Menu < 4.1.8 - Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update
The plugin is missing authorisation on several of its AJAX actions, such as save_menu_global_settings, and relies on CSRF nonces that are disclosed to any authenticated user. As a result, any authenticated user could call the affected actions, leading to arbitrary file upload, theme deletion as well as...
iQ Block Country < 1.2.13 - Admin+ Arbitrary File Deletion via Zip Slip
The settings of the plugin can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process,...
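The Zip Slip entry above describes an import routine that extracts archive entries one by one without checking where each entry name points. The following is an added example, not the iQ Block Country plugin's own code, of how a settings-backup import can validate every entry name (lexically, then against the resolved filesystem path) before writing anything, so an entry such as `../../wp-config.php` is refused rather than written outside the import directory. The function name, the import directory and the allowed file extensions are assumptions for illustration; the demo archive is constructed inline and assumes a POSIX filesystem.

```php
<?php
// Added example (not the plugin's code): extract a settings-backup archive
// without the Zip Slip traversal. All entries are validated first; nothing is
// written unless the whole archive passes.

/**
 * Extract $zipPath into $destDir. Throws if any entry would escape $destDir or
 * is not one of the plain-text formats a settings export is expected to hold.
 * Returns the absolute paths that were written.
 */
function extract_settings_backup(string $zipPath, string $destDir): array
{
    $base = realpath($destDir);                       // assumption: POSIX paths
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("destination does not exist: $destDir");
    }
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    try {
        // Pass 1: lexical validation of every entry name before any write.
        $entries = [];
        for ($i = 0; $i < $zip->numFiles; $i++) {
            $name = str_replace('\\', '/', (string) $zip->getNameIndex($i));
            if ($name === '' || $name[0] === '/'                 // absolute path
                || preg_match('#^[A-Za-z]:#', $name)             // Windows drive
                || in_array('..', explode('/', $name), true)) {  // any ".." segment
                throw new RuntimeException("zip slip entry rejected: $name");
            }
            if (substr($name, -1) === '/') {
                continue;                                        // directory entry
            }
            if (!preg_match('/\.(json|txt|csv)$/i', $name)) {    // assumed allow-list
                throw new RuntimeException("unexpected file type in backup: $name");
            }
            $entries[$i] = $name;
        }
        // Pass 2: write, re-checking the resolved parent directory each time.
        $written = [];
        foreach ($entries as $i => $name) {
            $target = $base . '/' . $name;
            $parent = dirname($target);
            if (!is_dir($parent) && !mkdir($parent, 0750, true)) {
                throw new RuntimeException("cannot create $parent");
            }
            // Symlinks under $base could still redirect a write; realpath catches that.
            $resolved = realpath($parent);
            if ($resolved === false || strpos($resolved . '/', $base . '/') !== 0) {
                throw new RuntimeException("entry resolves outside destination: $name");
            }
            $data = $zip->getFromIndex($i);
            if ($data === false || file_put_contents($target, $data) === false) {
                throw new RuntimeException("failed to write $name");
            }
            $written[] = $target;
        }
        return $written;
    } finally {
        $zip->close();
    }
}

// Constructed demo: an archive with one benign entry and one traversal entry.
// Because validation happens before extraction, settings.json is NOT written.
function demo(): void
{
    $tmp = sys_get_temp_dir() . '/zipslip-demo-' . getmypid();
    mkdir($tmp . '/import', 0750, true);
    $archive = $tmp . '/backup.zip';

    $zip = new ZipArchive();
    $zip->open($archive, ZipArchive::CREATE);
    $zip->addFromString('settings.json', '{"blocked_countries":["XX"]}');
    $zip->addFromString('../../wp-config.php', '<?php // attacker-controlled');
    $zip->close();

    try {
        extract_settings_backup($archive, $tmp . '/import');
    } catch (RuntimeException $e) {
        echo $e->getMessage(), PHP_EOL;   // zip slip entry rejected: ../../wp-config.php
    }
    echo file_exists($tmp . '/import/settings.json') ? "written\n" : "nothing written\n";
}

demo();
```

The two-pass structure matters: an extractor that validates and writes in the same loop has already dropped the benign files on disk by the time it meets the malicious entry, which is enough for an attacker who only needs one file to land before the import aborts.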
CVE-2022-27855
Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change...
Cross-Site Request Forgery (CSRF)
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF checks in most of its AJAX actions, which could allow any authenticated user, such as a subscriber, to delete arbitrary posts and update the plugin's settings...
CVE-2021-24971 WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS
The WP Responsive Menu WordPress plugin before 3.1.7.1 does not have capability and CSRF checks in the wpr_live_update AJAX action, and does not sanitise and escape some of the submitted data. As a result, any authenticated user, such as a subscriber, could update the plugin's settings and perform...
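The Responsive Menu, Maps Plugin and WP Responsive Menu entries above share one root cause: an AJAX action that updates plugin settings without checking the caller's capability or a nonce, and (in the Text Hover, BulletProof Security and WP Responsive Menu entries) stores and echoes the submitted values without sanitising or escaping them. The block below is an added example, not code from any of the plugins listed, of a WordPress settings-update AJAX handler written first the way those advisories describe it and then hardened. The hook name `example_save_settings`, the option name `example_plugin_settings`, the settings fields and the script handle `example-admin` are assumptions for illustration; the WordPress functions used (`current_user_can`, `check_ajax_referer`, `sanitize_text_field`, `wp_kses`, `esc_attr`, `wp_create_nonce`) are the real core APIs.

```php
<?php
// Added example (not any listed plugin's code): vulnerable vs hardened
// settings-update AJAX action. Names prefixed "example_" are assumed.

// --- Vulnerable shape, as the advisories above describe it --------------------
// wp_ajax_* hooks fire for every logged-in user, so a subscriber can POST to
// wp-admin/admin-ajax.php?action=example_save_settings. Nothing here checks who
// is calling, whether they intended the request, or what they sent.
// (Shown for contrast; deliberately not registered with add_action.)
function example_save_settings_vulnerable(): void
{
    $settings = $_POST['settings'] ?? [];
    update_option('example_plugin_settings', $settings); // stored unsanitised
    wp_send_json_success($settings);                      // echoed back unescaped
}

// --- Hardened version ---------------------------------------------------------
add_action('wp_ajax_example_save_settings', 'example_save_settings_hardened');
function example_save_settings_hardened(): void
{
    // 1. Authorisation first. A nonce is a CSRF token, not a permission: a nonce
    //    leaked to a subscriber (the Responsive Menu case) is still valid for
    //    that subscriber, so the capability check must not depend on it.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(['message' => 'forbidden'], 403);   // calls wp_die()
    }
    // 2. CSRF: the nonce must have been issued for this action to this user.
    //    check_ajax_referer() dies with -1 when the nonce is missing or invalid.
    check_ajax_referer('example_save_settings', '_ajax_nonce');

    // 3. Sanitise and validate on input; never store the raw POST array.
    $settings = example_sanitize_settings(wp_unslash($_POST['settings'] ?? []));
    update_option('example_plugin_settings', $settings);
    wp_send_json_success($settings);
}

// Assumed settings schema: each field gets a sanitiser that matches its type.
function example_sanitize_settings($raw): array
{
    $raw = is_array($raw) ? $raw : [];
    return [
        'enabled'    => !empty($raw['enabled']),
        'menu_title' => sanitize_text_field($raw['menu_title'] ?? ''),
        'breakpoint' => max(0, min(4096, (int) ($raw['breakpoint'] ?? 768))),
        // Rich text is reduced to an explicit tag allow-list; this is what keeps
        // an admin's <script> out even though unfiltered_html is disallowed.
        'hover_text' => wp_kses($raw['hover_text'] ?? '',
                                ['b' => [], 'i' => [], 'a' => ['href' => []]]),
    ];
}

// 4. Escape on output, at the point of use, according to the HTML context.
//    Sanitising on save is not a substitute: values may also arrive via import,
//    direct database edits or older plugin versions.
function example_render_settings(): void
{
    $s = get_option('example_plugin_settings', []);
    printf('<input type="text" name="settings[menu_title]" value="%s">',
           esc_attr($s['menu_title'] ?? ''));
    printf('<span title="%s">%s</span>',
           esc_attr($s['menu_title'] ?? ''),
           wp_kses_post($s['hover_text'] ?? ''));
}

// The nonce is generated server-side for the admin page's script (assumed to be
// enqueued under the handle "example-admin") and must accompany each request.
add_action('admin_enqueue_scripts', function (): void {
    wp_localize_script('example-admin', 'exampleAjax', [
        'url'   => admin_url('admin-ajax.php'),
        'nonce' => wp_create_nonce('example_save_settings'),
    ]);
});
```

The ordering of the checks is the point: capability, then nonce, then sanitisation, then escaping on output. Each addresses a different entry in the list above (Subscriber+ settings update, CSRF, stored XSS), and removing any one of them reintroduces the corresponding class of bug.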
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports hosting personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of the WordPress WP Responsive Menu plugin prior to 3.1.7.1,...
WordPress Plugin Translation Exchange Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Translation Exchange prior to 1.0.14, which stems from a lack of filtering and escaping in the "Project Keywords" text box in the...
CVE-2022-23983
Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin versions <= 3.4.4...
WP-Matomo Integration (WP-Piwik) < 1.0.27 - Plugin Settings Reset via CSRF
The plugin does not have CSRF protection when resetting its settings, which could allow attackers to make a logged-in admin reset them via a CSRF attack. PoC: https://example.com/wp-admin/options-general.php?page=wp-piwik%2Fclasses%2FWPPiwik.php&clear=2...
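The WP-Piwik PoC above is a plain GET link: any page an admin visits can embed it (for instance as an image source) and the reset happens with the admin's session. The block below is an added example, not WP-Piwik's code, of the same reset action as the advisory describes it and then protected with a WordPress nonce bound to the action, so a link forged by a third party fails `check_admin_referer`. The page slug `example-plugin`, the option name and the function names are assumptions for illustration.

```php
<?php
// Added example (not WP-Piwik's code): a settings-reset link on an admin page,
// vulnerable form and nonce-protected form. "example_" names are assumed.

// --- Vulnerable: acts on the strength of query parameters alone ---------------
// Any GET ...options-general.php?page=example-plugin&clear=2 that an admin's
// browser issues, from wherever it was triggered, wipes the settings.
// (Shown for contrast; not hooked.)
function example_handle_reset_vulnerable(): void
{
    if (isset($_GET['page'], $_GET['clear'])
        && $_GET['page'] === 'example-plugin' && $_GET['clear'] === '2') {
        delete_option('example_plugin_settings');
    }
}

// --- Hardened -----------------------------------------------------------------
// The link the plugin renders carries a nonce tied to the "example_clear_settings"
// action and the current user. wp_nonce_url() appends _wpnonce=<token>.
function example_reset_link(): string
{
    $url = admin_url('options-general.php?page=example-plugin&clear=2');
    return wp_nonce_url($url, 'example_clear_settings', '_wpnonce');
}

function example_render_reset_button(): void
{
    printf('<a class="button" href="%s">%s</a>',
           esc_url(example_reset_link()),
           esc_html__('Reset settings', 'example'));
}

// The handler verifies capability and nonce before touching anything.
add_action('admin_init', 'example_handle_reset_hardened');
function example_handle_reset_hardened(): void
{
    if (!isset($_GET['page'], $_GET['clear'])
        || $_GET['page'] !== 'example-plugin' || $_GET['clear'] !== '2') {
        return;                                   // not our action
    }
    if (!current_user_can('manage_options')) {
        wp_die(esc_html__('You are not allowed to do that.', 'example'),
               '', ['response' => 403]);
    }
    // Dies with "The link you followed has expired." when _wpnonce is absent,
    // expired, or was generated for a different action or user.
    check_admin_referer('example_clear_settings', '_wpnonce');

    delete_option('example_plugin_settings');

    // Redirect so a reload does not repeat the action, and strip the nonce from
    // the URL the admin ends up on.
    wp_safe_redirect(add_query_arg('reset', '1',
                     admin_url('options-general.php?page=example-plugin')));
    exit;
}
```

A nonce on a GET link is the minimal fix and what most plugin patches for this bug class apply; the stronger design is to submit the reset as a POST form with the same nonce check, so the action cannot be triggered by a resource load at all.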
WordPress and WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the WordPress Remove Footer Credit plugin, which stems from th...
Improper Authorization in librenms/librenms
Description: LibreNMS v22.1.0 allows users with the normal role/level to interact with the plugin settings, so that such users can take actions like switching installed plugins on or off, which are supposed to be accessible to the Administrator only. Proof of Concept: Affected endpoints: 1 GET...