6233 matches found

Positive Technologies
added 2023/06/07 12:0 a.m. · 6 views

PT-2023-23358 · Unknown · Sourcecodester Online Discussion Forum Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Discussion Forum Site version 1.0 Description: A critical issue affects the processing of the file adminpostsmanage post.php, where the manipulation of the id argument leads to sql injection. This issue can be initiated...

CVSS 8.8 · AI score 7.4 · EPSS 0.00781
Exploits 1 · References 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12466 · WordPress · Ulisting

Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to missing capability checks and a missing security nonce in the UlistingUserRole::save role api function. This...

CVSS 9.1 · AI score 5.2 · EPSS 0.01019
Exploits 1 · References 6

CNNVD
added 2023/06/07 12:0 a.m. · 6 views

WordPress Plugin User Submitted Posts code issue vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file upload vulnerability exists in the WordPress plugin User Submitted Posts, which is caused by incorrect validation of file...

CVSS 9.8 · AI score 7.6 · EPSS 0.02326
Exploits 1 · References 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-11365 · WordPress · User Submitted Posts

Name of the Vulnerable Software and Affected Versions: User Submitted Posts plugin for WordPress versions up to, and including, 20190312 Description: The issue arises from missing file type validation in the usp check images function, allowing unauthenticated attackers to upload arbitrary files t...

CVSS 9.8 · AI score 9.8 · EPSS 0.02326
Exploits 1 · References 5

ATTACKERKB
added 2023/06/03 5:15 a.m. · 2 views

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

CVSS 6.4 · AI score 7.4 · EPSS 0.0051
Exploits 1 · References 4

OSV
added 2023/06/03 5:15 a.m. · 5 views

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

CVSS 5.4 · AI score 6.8 · EPSS 0.0051
Exploits 1 · References 3

ATTACKERKB
added 2023/06/03 5:15 a.m. · 2 views

CVE-2023-2404

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editpost...

CVSS 6.4 · AI score 7 · EPSS 0.00596
Exploits 2 · References 4

OSV
added 2023/06/03 5:15 a.m. · 4 views

CVE-2023-2302

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the...

CVSS 5.4 · AI score 6.8 · EPSS 0.00518
Exploits 1 · References 3

ATTACKERKB
added 2023/06/03 5:15 a.m. · 1 views

CVE-2023-2302

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the...

CVSS 6.4 · AI score 7.4 · EPSS 0.00518
Exploits 1 · References 4

Positive Technologies
added 2023/06/03 12:0 a.m. · 6 views

PT-2023-19373 · Vcita · Crm/Lead Management By Vcita

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output escaping. Th...

CVSS 6.4 · AI score 5.7 · EPSS 0.00596
Exploits 2 · References 7

Positive Technologies
added 2023/06/03 12:0 a.m. · 5 views

PT-2023-18822 · Vcita · Contact Form/Calls To Action

Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the email parameter due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.8 · EPSS 0.00518
Exploits 1 · References 8

WPVulnDB
added 2023/06/02 12:0 a.m. · 8 views

Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery (CSRF) to Stored XSS

The plugin does not protect the ajax actions azhsave against CSRF attacks, allowing an unauthenticated attacker to modify posts by tricking a logged in user with rights to edit the post to submit a crafted request. Furthermore if the targeted user has a role of editor or above, arbitrary web...

CVSS 6.1 · AI score 6.2 · EPSS 0.00208
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/05/25 12:15 p.m. · 12 views

CVE-2022-46814

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00271
Exploits 0 · References 1

OSV
added 2023/05/25 12:15 p.m. · 4 views

CVE-2022-46814

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00271
Exploits 0 · References 1

Prion
added 2023/05/25 12:15 p.m. · 17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 6.8 · AI score 8.7 · EPSS 0.00271
Exploits 0 · References 1 · Affected Software 1

CVE
added 2023/05/25 11:9 a.m. · 50 views

CVE-2022-46814

CVE-2022-46814 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Kodex Posts likes plugin, affected in versions

CVSS 8.8 · AI score 6.5 · EPSS 0.00271
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/05/25 11:9 a.m. · 8 views

CVE-2022-46814 WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 4.3 · AI score 8.8 · EPSS 0.00271
Exploits 0 · References 1

Cvelist
added 2023/05/25 11:9 a.m. · 22 views

CVE-2022-46814 WordPress Kodex Posts likes Plugin <= 2.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions...

CVSS 4.3 · AI score 9 · EPSS 0.00271
Exploits 0 · References 1

CNNVD
added 2023/05/25 12:0 a.m. · 4 views

WordPress plugin Kodex Posts likes cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 · AI score 8.2 · EPSS 0.00271
Exploits 0 · References 3

OSV
added 2023/05/18 11:15 a.m. · 4 views

CVE-2023-27423

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions...

CVSS 8.8 · AI score 7.3 · EPSS 0.00265
Exploits 0 · References 1