1726 matches found
WordPress plugin Download Attachments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2023-23973
Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page – Contact People plugin = 3.7.0...
CVE-2022-4666
The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...
EUVD-2022-52154
The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting...
WordPress Plugin Post Views Count cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
SUSE CVE-2017-1000404
The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs...
plugin: CSRF vulnerability in Blue Ocean Plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server...
CVE-2023-24145
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...
Command injection
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the pluginversion parameter in the setUnloadUserData function...
PT-2023-19434 · Totolink · Totolink Ca300-Poe
Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-PoE version 6.2c.884. Description: A command injection issue was found via the plugin version parameter in the setUnloadUserData function. This allows for potential command injection attacks. Recommendations: For TOTOLINK...
WordPress plugin WP Google My Business Auto Publish cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-40697
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin = 3.4.3 versions...
PT-2023-10192 · Webdevstudios · Taxonomy-Switcher Plugin
Name of the Vulnerable Software and Affected Versions: WebDevStudios taxonomy-switcher Plugin versions up to 1.0.3. Description: A problematic issue was found in the WebDevStudios taxonomy-switcher Plugin, affecting the taxonomy switcher init function of the file taxonomy-switcher.php. This issue...
PT-2023-14259 · WordPress · Wp Rss By Publishers
Name of the Vulnerable Software and Affected Versions: WP RSS By Publishers WordPress plugin version 0.1. Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitized and escaped before being used in a SQL statement. This can be exploited by high...
PT-2022-25998 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1; Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1. Description: The issue allows malicious users with at least author privilege to leak sensitive information from the...
CVE-2021-4244 yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/addfieldtoform.php. The manipulation of the argument fieldname/mergetag/fieldtype/listid leads to cross site scripting. It...
PT-2022-24842 · WordPress · Buddybadges
Name of the Vulnerable Software and Affected Versions: buddybadges WordPress plugin versions 1.0.0 and earlier. Description: The issue is related to a SQL injection that occurs because a parameter is not properly sanitised and escaped before being used in a SQL statement. This can be exploited by...
PT-2022-27949 · Jenkins · Jenkins Git Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Gitea Plugin versions 1.4.4 and earlier. Description: The implementation of Gitea personal access tokens in the Jenkins Gitea Plugin did not support credentials masking, potentially exposing them through the build log. Administrators w...
CVE-2022-40209
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xylus Themes WP Smart Import plugin = 1.0.2 on WordPress...
WordPress plugin WP Affiliate Platform cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...