CVE-2023-7251

CVE-2023-7251 affects the WordPress plugin User Submitted Posts (versions

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

WordPress Plugin User Submitted Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

DEBIAN-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

UBUNTU-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

Newsmatic < 1.3.5 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content

Description The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts When logged in as a subscriber, open the following URL and note that the conten...

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

WordPress Plugin Smart Custom Fields Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

PT-2024-18483 · WordPress · Smart Custom Fields

Name of the Vulnerable Software and Affected Versions: Smart Custom Fields plugin for WordPress versions up to, and including, 4.2.2 Description: The issue arises from a missing capability check on the relational posts search function, allowing authenticated attackers with subscriber-level access...

CVE-2024-1857

The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wpswgmpreviewemailtemplate. This makes it possible for...

PT-2024-18366 · WordPress · The Ultimate Gift Cards For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress versions up to, and including, 2.6.6 Description: The issue allows unauthenticated attackers to read...

Inline Related Posts < 3.5.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Put the following payload in the CSS margin-top settings: 0 em" onmouseover=alert/XSS/// Th...

CVE-2024-1479

The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpspdisplay function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, priva...

CVE-2024-1452

The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status ...

CVE-2024-0839

The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive...

CVE-2024-0687

The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API...