56 matches found
PT-2024-17655 · WordPress · Button Block
Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and...
PT-2024-39868 · WordPress · The Imagepress – Image Gallery
Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability...
PT-2024-38814 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress versions up to, and including, 3.0.8 Description: The issue allows authenticated attackers with Contributor-level access and above to duplicate posts written by other authors,...
CVE-2023-43323
mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]...
Design/Logic Flaw
mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]...
CVE-2023-43323
CVE-2023-43323 affects mooSocial 3.1.8. The vulnerability is external service interaction in the post function, where requests to external servers may be triggered via parameters messageText, data[wall_photo], data[userShareVideo], and data[userShareLink]. The issue has a documented PoC/exploit p...
PT-2023-28780 · Moosocial · Moosocial
Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue concerns external service interaction on the post function. When executed, the server sends HTTP and DNS requests to an external server. The parameters affected are multiple, including messageTex...
Exploit for External Control of System or Configuration Setting in Moosocial
mooSocial: External HTTP and DNS Service Interaction CVE-2023...
PT-2023-12528 · WordPress · Wp-Mpdf
Name of the Vulnerable Software and Affected Versions: wp-mpdf plugin for WordPress versions up to, and including, 3.5.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the mpdf_admin_savepost function. This allows unauthenticated...
PT-2023-12502 · WordPress · Contact Form 7 Style
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Style plugin for WordPress versions up to, and including, 3.2 Description: The issue is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post function, making it possible for unauthenticated...
CVE-2020-21052
CVE-2020-21052 affects zrlog v2.1.3. The vulnerability is a cross-site scripting (XSS) flaw in the /post/addComment functionality, exploitable via the nickname parameter to execute arbitrary code. The provided sources (NVD and related mirrors) identify the affected product/version and the input p...
CVE-2023-28367
Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
CVE-2023-27925
Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
PT-2023-21676 · Unknown · Vk All In One Expansion Unit
Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit versions 9.88.1.0 and earlier Description: A cross-site scripting issue in the CTA post function allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions 9.88.1.0 and...
CVE-2023-29643
Cross-site scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function...
PerfreeBlog cross-site scripting vulnerability
PerfreeBlog is a Java-based blog/CMS builder. A security vulnerability exists in PerfreeBlog version 3.1.2, which stems from a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary code via the Post function...