330 matches found
CVE-2023-33309
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...
CVE-2023-33309
CVE-2023-33309 refers to an unauthenticated, reflected XSS in the Duplicator Pro WordPress plugin up to version 4.5.11. The vulnerability is triggered via input that is reflected in the plugin’s response, enabling potentially injected script execution in a victim’s browser. Public sources in the ...
CVE-2023-33309 WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Awesome Motive Duplicator Pro plugin = 4.5.11 versions...
WordPress plugin Duplicator Pro 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Cross Site Scripting (XSS)
Software Essential Addons for Elementor Pro Type Plugin Vulnerable versions = 5.4.8 Fixed in 5.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-32241 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5e9e79ec6617 Credit...
CVE-2022-47605 WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection (SQLi)
Auth. SQL Injection' vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.7.0 versions...
CVE-2022-47605 WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection (SQLi)
Auth. SQL Injection' vulnerability in Kunal Nagar Custom 404 Pro plugin = 3.7.0 versions...
CVE-2022-47605
CVE-2022-47605 concerns the WordPress plugin Custom 404 Pro by Kunal Nagar. A SQL Injection vulnerability affects versions
WordPress HappyFiles Pro Plugin <= 1.8.1 is vulnerable to Broken Access Control
Software HappyFiles Pro Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25445 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 518a5cea4b57 Credits Dave Jong Patchstack...
WordPress real-estate-pro Plugin < 1.7.1 is vulnerable to Privilege Escalation
Software real-estate-pro Type Plugin Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2020-36666 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID a8f610e7b2fc Credits Omar Badran Required privilege...
WordPress plugin directory-pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2018-25055
A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...
CVE-2018-25055 FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting
A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulation of the argument suggestion leads to cross...
CVE-2018-25055
CVE-2018-25055 concerns FarCry Solr Pro Plugin (up to 1.5.x). The vulnerability lies in the Search Handler’s packages/forms/solrProSearch.cfc and the manipulation of the suggest ion argument, which enables cross-site scripting. It can be exploited remotely. Upgrading to version 1.6.0 addresses th...
CVE-2022-4161
The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgcopystart POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensiti...
PT-2022-25944 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5.1 Contest Gallery Pro WordPress plugin versions prior to 19.1.5.1 Description: The issue arises from the failure to escape the cg option id POST parameter before it is concatenated to ...
CVE-2022-3900
The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...
CVE-2022-35501
Stored Cross-site Scripting XSS exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function...
PT-2022-22793
Name of the Vulnerable Software and Affected Versions Testimonials WordPress plugin versions prior to 2.7 super-testimonial-pro WordPress plugin versions prior to 1.0.8 Description The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks, even when the...
CVE-2022-42494 WordPress All in One SEO Pro plugin <= 4.2.5.1 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery SSRF vulnerability in All in One SEO Pro plugin = 4.2.5.1 on WordPress...