6235 matches found
WordPress plugin SearchWP Live Ajax Search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-35220
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal terminati...
WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF
The plugin does not have a CSRF check in an AJAX action, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack PoC...
CVE-2022-2224
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This makes it possible for unauthenticated attackers to duplicate...
CVE-2022-2223
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewicduplicateslider. This makes it possible for unauthenticated attackers to duplicate existing posts...
Cross-site request forgery (CSRF)
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This makes it possible for unauthenticated attackers to duplicate...
CVE-2022-2224 Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This makes it possible for unauthenticated attackers to duplicate...
WordPress plugin Image Slider cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Image Slider 1.1.1...
WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting PoC When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"...
WordPress WordPress Popular Posts plugin <= 5.5.1 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress WordPress Popular Posts plugin (versions <= 5.5.1). Solution: Update the WordPress WordPress Popular Posts plugin to the latest available version (at least 6.0.0)...
WordPress Popular Posts < 6.0.0 - Reflected Cross-Site Scripting
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting When the plugin displays a performance notice: https://example.com/wp-admin/plugins.php?"alert/XSS/...
CVE-2022-1847
The Rotating Posts WordPress plugin through 1.11 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Cross-site request forgery (CSRF)
The Rotating Posts WordPress plugin through 1.11 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2022-1847
CVE-2022-1847 affects the WordPress Rotating Posts plugin (versions
CVE-2022-1847 Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF
The Rotating Posts WordPress plugin through 1.11 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
WordPress plugin Rotating Posts cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Rotating Posts plugin version 1.11 and earlier versions are vulnerable to cross-site request forger...
CVE-2022-31295
An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...