2 matches found
WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...
CVE-2010-5093
MemberProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address ID of another user...