105 matches found

Patchstack
added 2022/02/28 12:00 a.m. | 8 views

WordPress SV Posts plugin < 1.8.03 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress SV Posts plugin versions 1.8.03. Solution: Update the WordPress SV Posts plugin to the latest available version (at least 1.8.03)...

AI score: 3.6
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2022/02/22 12:00 a.m. | 0 views

The vulnerability lies in the implementation of the edit_posts permission plugin for PHP code, which allows a hacker to execute arbitrary code.

The vulnerability of the edit_posts permission implementation in the PHP plugin for PHP Everywhere is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code using Götterhuber blocks...

CVSS: 9.9 | EPSS: 0.02105
Exploits: 3 | References: 4 | Affected Software: 1

Cvelist
added 2021/11/17 5:44 p.m. | 27 views

CVE-2021-42362 WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.82414
Exploits: 5 | References: 6

CNNVD
added 2021/11/17 12:00 a.m. | 6 views

WordPress Code Issue Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin Popular Posts 5.3.2 and previous versions are vulnerable to arbitrary file uploads. An attacker could exploit the vulnerability to upload...

CVSS: 8.8 | AI score: 6.4 | EPSS: 0.82414
Exploits: 5 | References: 8

OSV
added 2021/11/08 6:15 p.m. | 1 views

CVE-2021-24537

The Similar Posts WordPress plugin through 3.1.5 allows high privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widget_rrm_similar_posts_condition' widget setting of the plugin...

CVSS: 7.2 | AI score: 6
Exploits: 0 | References: 1

CNNVD
added 2021/11/08 12:00 a.m. | 2 views

WordPress plugin Similar Posts Security Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code injection vulnerability exists in WordPress Similar Posts plugin 3.1.5 and earlier versions, which...

CVSS: 7.2 | AI score: 6.2 | EPSS: 0.01033
Exploits: 2 | References: 2

CVE
added 2021/09/23 3:00 p.m. | 49 views

CVE-2021-36872

CVE-2021-36872 affects WordPress Popular Posts plugin (versions

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00393
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/09/23 12:00 a.m. | 3 views

WordPress Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. The WordPress plugin Popular Posts 5.3.3 and previous versions have a cross-site scripting vulnerability tha...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00393
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2021/06/30 2:36 a.m. | 6 views

WordPress Plugin "WordPress Popular Posts" vulnerable to cross-site scripting

Overview: WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera contains a cross-site scripting vulnerability (CWE-79). Yu Iwama of Secure Sky Technology Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00832
Exploits: 1 | References: 7

CNNVD
added 2021/04/05 12:00 a.m. | 6 views

WordPress Related Posts Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Related Posts is a plugin for adding related content to WordPress. A cross-site scripting vulnerability exists in the Related...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00162
Exploits: 2 | References: 2

CNNVD
added 2021/04/05 12:00 a.m. | 4 views

WordPress Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Related Posts is a plugin for adding related content to WordPress. A security vulnerability exists in the WordPress Related...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00332
Exploits: 2 | References: 2

CVE
added 2019/08/28 11:53 a.m. | 45 views

CVE-2015-9361

The CVE-2015-9361 entry concerns the WordPress Related Posts plugin (before 1.8.2). The vulnerability is a cross-site scripting (XSS) flaw triggered via add_query_arg() and remove_query_arg(), allowing injected client-side scripts. Affected component: Related Posts plugin for WordPress; root caus...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0019
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2019/08/20 2:56 p.m. | 14 views

CVE-2016-10913

The wp-latest-posts plugin before 3.7.5 for WordPress has XSS...

AI score: 6.4 | EPSS: 0.0019
Exploits: 0 | References: 1

OSV
added 2016/03/26 1:59 a.m. | 2 views

CVE-2016-1160

Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 6.1 | AI score: 5.9
Exploits: 0 | References: 3

0day.today
added 2015/12/18 12:00 a.m. | 24 views

WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Vulnerability

WordPress Relevant Related Posts plugin version 1.0.7 suffers from a cross site scripting vulnerability. WordPress Relevant Related Posts 1.0.7 Cross Site Scripting Plugin Name : Relevant Related Posts Plugin Effected Version : 1.0.7 and most probably lower version's if any Vulnerability :...

AI score: 6.7
Exploits: 0

0day.today
added 2015/05/09 12:00 a.m. | 36 views

WordPress Yet Another Related Posts Plugin <= 4.2.4 - CSRF Vulnerability

Exploit for php platform in category web applications Homepage https://wordpress.org/plugins/yet-another-related-posts-plugin/ Affected Versions input type='hidden' name='autodisplayposttypespag...

AI score: 7.1
Exploits: 0

WPVulnDB
added 2015/05/08 12:00 a.m. | 9 views

Yet Another Related Posts Plugin (YARPP) 4.2.4 - CSRF / XSS / RCE

'Yet Another Related Posts Plugin' options can be updated with no token/nonce protection which an attacker may exploit via tricking website's administrator to enter a malformed page which will change YARPP options, and since some options allow html the attacker is able to inject malformed...

AI score: 0.5
Exploits: 0 | References: 3 | Affected Software: 1

WPVulnDB
added 2015/04/20 12:00 a.m. | 18 views

Related Posts < 1.8.2 - XSS

The related-posts WordPress plugin was affected by a XSS security vulnerability...

CVSS: 4.3 | AI score: 1.9 | EPSS: 0.0019
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2014/06/02 3:55 p.m. | 12 views

CVE-2013-2710

Cross-site request forgery (CSRF) vulnerability in the Contextual Related Posts plugin before 1.8.7 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via unspecified vectors...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00134
Exploits: 0 | References: 4

NVD
added 2014/06/02 3:55 p.m. | 14 views

CVE-2013-3476

Cross-site request forgery (CSRF) vulnerability in the WordPress Related Posts plugin before 2.6.2 for WordPress allows remote attackers to hijack the authentication of users for requests that change settings via unspecified vectors...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.0014
Exploits: 0 | References: 4