
5785 matches found

CNNVD
added 2021/06/01 12:0 a.m., 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

5.4 CVSS, 6 AI score, 0.00162 EPSS
Exploits 2, References 1
CNNVD
added 2021/06/01 12:0 a.m., 2 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. There is a security vulnerability in the...

6.1 CVSS, 5.9 AI score, 0.50348 EPSS
Exploits 2, References 2
WPVulnDB
added 2021/05/27 12:0 a.m., 14 views

Stock in & out <= 1.0.4 - Reflected Cross-Site Scripting (XSS)

The plugin has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before using it in the echo statement, leading to a reflected XSS issue. PoC: POST /wp-admin/admin.php?page=stockin HTTP/1.1 Content-Length: 66...

5.4 CVSS, 0.0018 EPSS
Exploits 2, References 1, Affected Software 1
WPVulnDB
added 2021/05/25 12:0 a.m., 38 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

8.8 CVSS, 0.2 AI score, 0.80599 EPSS
Exploits 8, References 2, Affected Software 1
Prion
added 2021/05/24 11:15 a.m., 22 views

Design/Logic Flaw

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup...

9 CVSS, 8.9 AI score, 0.41776 EPSS
Exploits 3, References 2, Affected Software 1
CNNVD
added 2021/05/24 12:0 a.m., 3 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Hana Flv Player 3.1.3, which is caused by XS...

5.4 CVSS, 5.4 AI score, 0.00332 EPSS
Exploits 2, References 1
CNNVD
added 2021/05/24 12:0 a.m., 1 views

WordPress cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin that stems from a request that includes a CS...

5.4 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits 2, References 1
CNVD
added 2021/05/20 12:0 a.m., 6 views

WordPress plugin authorization issue vulnerability (CNVD-2021-36538)

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. An authorization issue vulnerability exists in versions o...

8.8 CVSS, 6.6 AI score, 0.00603 EPSS
Exploits 2, References 1
NVD
added 2021/05/17 5:15 p.m., 10 views

CVE-2021-24327

The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with the unfilteredhtml disabled) to set XSS payloads...

4.8 CVSS, 0.00186 EPSS
Exploits 2, References 1
NVD
added 2021/05/17 5:15 p.m., 12 views

CVE-2021-24326

The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected Cross-Site Scripting (XSS) issue as user input was not properly sanitised before being output in an attribute...

5.4 CVSS, 0.00332 EPSS
Exploits 2, References 1
NVD
added 2021/05/14 12:15 p.m., 14 views

CVE-2021-24188

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from the blog,...

8.8 CVSS, 0.00659 EPSS
Exploits 2, References 1
Prion
added 2021/05/14 12:15 p.m., 17 views

Code injection

Low privileged users can use the AJAX action 'cppluginsdobuttonjoblatercallback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from the blog, whic...

6.5 CVSS, 8.7 AI score, 0.00603 EPSS
Exploits 2, References 1, Affected Software 1
CVE
added 2021/05/14 11:38 a.m., 54 views

CVE-2021-24193

CVE-2021-24193 affects the WordPress plugin “Visitor Traffic Real Time Statistics” (before 2.12). Low-privilege users can abuse the AJAX action cp_plugins_do_button_job_later_callback to install any plugin from the WordPress repository and activate arbitrary plugins on the blog, enabling attacker...

8.8 CVSS, 8.8 AI score, 0.00603 EPSS
Exploits 2, References 1, Affected Software 1
CNNVD
added 2021/05/14 12:0 a.m., 5 views

WordPress plugin Visitor Traffic Real Time Statistics security vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A vulnerability exists in the WordPress plugin before...

8.8 CVSS, 5.8 AI score, 0.00603 EPSS
Exploits 2, References 2
CNNVD
added 2021/05/14 12:0 a.m., 6 views

WordPress plugin Login as User or Customer security vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. WordPress plugin 1.8 before the version User Switching...

8.8 CVSS, 5.8 AI score, 0.00603 EPSS
Exploits 2, References 2
CNNVD
added 2021/05/14 12:0 a.m., 2 views

WordPress plugin security vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An improper access control vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...

6.5 CVSS, 5.8 AI score, 0.00248 EPSS
Exploits 1, References 3
CNNVD
added 2021/05/14 12:0 a.m., 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A cross-site scripting vulnerability exists in versions o...

6.1 CVSS, 5.2 AI score, 0.2234 EPSS
Exploits 5, References 5
CNNVD
added 2021/05/11 12:0 a.m., 3 views

Kk Star Ratings cross-site scripting vulnerability

kk-star-ratings is an application used to allow blog visitors to engage and interact with your site by rating posts. A cross-site scripting vulnerability exists in the Kk Star Ratings plugin prior to version 4.1.5...

6.1 CVSS, 5.8 AI score, 0.0024 EPSS
Exploits 0, References 2
Patchstack
added 2021/05/07 12:0 a.m., 11 views

WordPress UltimateWoo plugin <= 0.1.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by WPScan Team in WordPress UltimateWoo plugin versions <= 0.1.10. Solution: This plugin has been closed and is no longer available for download...

3.1 AI score
Exploits 0, References 2, Affected Software 1
Prion
added 2021/05/06 1:15 p.m., 19 views

Cross site request forgery (csrf)

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result,...

6.5 CVSS, 7 AI score, 0.00991 EPSS
Exploits 2, References 2, Affected Software 1