24 matches found
EUVD-2026-33483
The Advanced Custom Fields (ACF®) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.8.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to overwrit...
EUVD-2012-6534
Malware in sbrugna...
EUVD-2018-17091
Malware in sbrugna...
EUVD-2021-26658
Malware in sbrugna...
EUVD-2019-10735
Malware in sbrugna...
CVE-2024-39310
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...
CVE-2021-3327
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the posttitle parameter...
CVE-2018-5312
The tabs-responsive plugin 1.8.0 for WordPress has XSS via the posttitle parameter to wp-admin/post.php...
CVE-2019-20181
The awesome-support plugin 5.8.0 for WordPress allows XSS via the posttitle parameter...
CVE-2024-39310 WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the posttitle parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access...
Cross-site scripting
A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...
SQL injection
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=addpost. This vulnerability can be exploited through a crafted POST request via the posttitle parameter...
WordPress plugin Download Monitor cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP. File Upload is one of the file upload plugins used with it. A WordPress plugin is an application plugin. The vulnerability is caused by the vulnerable parameters &posttitle, &downloadablefileversion0. An attacker could exploit this...
CVE-2021-3327
CVE-2021-3327 affects Ovation Dynamic Content 1.10.1 for Elementor, with a stored/reflected cross-site scripting flaw exploitable via the post_title parameter. The connected materials confirm the product/version and the vulnerability class but do not provide exploit details, affected configurati...
Elementor cross-site scripting vulnerability
Elementor is a WordPress page builder from the Elementor team that offers a variety of design elements and supports custom templates and more. A cross-site scripting vulnerability exists in Elementor Ovation Dynamic Content version 1.10.1. The vulnerability is related to the posttitle parameter. ...
CVE-2019-20182
The FooGallery plugin 1.8.12 for WordPress allows XSS via the posttitle parameter...