Lucene search
K

42 matches found

OSV
OSV
added 2023/08/31 6:15 a.m.5 views

CVE-2023-2229

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

8.8CVSS7.3AI score0.00733EPSS
Exploits0References2
CVE
CVE
added 2023/08/31 5:33 a.m.36 views

CVE-2023-2229

CVE-2023-2229 affects the WordPress Quick Post Duplicator (rduplicator) up to version 2.0. The root cause is an SQL Injection via the post_id parameter due to insufficient escaping and lack of prepared statements, enabling authenticated attackers with contributor privileges to append additional S...

8.8CVSS8.5AI score0.00733EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/31 5:33 a.m.19 views

CVE-2023-2229 Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id

The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

8.8CVSS8.9AI score0.00733EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.4 views

WordPress plugin Quick Post Duplicator SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS8.5AI score0.00733EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/07/25 12:0 a.m.6 views

WordPress WP Quick Post Duplicator Plugin <= 2.0 is vulnerable to Broken Access Control

Software WP Quick Post Duplicator Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31214 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dab968364058 Credits TaeEun Lee Required...

6.3AI score0.00282EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.9 views

WordPress Quick Post Duplicator Plugin <= 2.0 is vulnerable to SQL Injection

Software Quick Post Duplicator Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2229 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 82cd33300670 Credits Marco Wotschka Required privilege Contributor...

8.8CVSS6.8AI score0.00733EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/22 12:0 a.m.2 views

PT-2023-4737 · WordPress · Wp Quick Post Duplicator

Name of the Vulnerable Software and Affected Versions: Quick Post Duplicator for WordPress versions up to, and including, 2.0 Description: The issue is related to SQL Injection via the post id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation...

9CVSS9.2AI score0.00733EPSS
Exploits0References5
Prion
Prion
added 2023/05/26 9:15 p.m.14 views

Cross site scripting

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...

4.3CVSS4.8AI score0.00617EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2023/05/26 8:30 p.m.41 views

CVE-2023-33194 CraftCMS stored XSS in Quick Post widget error message

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...

3.7CVSS5.1AI score0.00617EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/05/26 8:30 p.m.9 views

CVE-2023-33194 CraftCMS stored XSS in Quick Post widget error message

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...

3.7CVSS4.9AI score0.00617EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2023/05/26 1:54 p.m.21 views

CraftCMS stored XSS in Quick Post widget error message

Summary The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Details Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. PoC 1. Login at admin 2. Go to setting 3. Create a Section 4. On Entry page, cli...

4.8CVSS6.1AI score0.00617EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2023/05/26 12:0 a.m.5 views

Pixel&tonic Craft CMS 跨站脚本漏洞

Pixel & tonic Craft CMS is a content management system CMS from the US-based Pixel & tonic, Inc. A security vulnerability exists in Pixel & tonic Craft CMS that stems from not filtering input and encoding output in Quick Post validation error messages, which would allow the delivery of loads with...

4.8CVSS4.5AI score0.00617EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.5 views

PT-2023-24211 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.4.6 Description: The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. An older issue fixed the XSS in label HTML but did not address it when...

4.8CVSS4.7AI score0.00617EPSS
Exploits1References9
Cvelist
Cvelist
added 2023/03/03 9:58 p.m.29 views

CVE-2023-23927 Craft CMS stored cross-site scripting vulnerability

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting XSS happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7...

6.1CVSS6.2AI score0.00801EPSS
Exploits1References3
OSV
OSV
added 2023/03/03 9:58 p.m.28 views

CVE-2023-23927 Craft CMS stored cross-site scripting vulnerability

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting XSS happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7...

6.1CVSS5.1AI score0.00801EPSS
Exploits1References5
Patchstack
Patchstack
added 2015/05/01 12:0 a.m.7 views

WordPress Quick Post Widget Plugin <= 1.9.1 - Multiple CSRF

This plugin is prone to a cross site request forgery vulnerability. Solution Update plugin...

2.6AI score
Exploits0References1Affected Software1
Prion
Prion
added 2014/09/03 2:55 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...

4.3CVSS6.2AI score0.02041EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2014/09/03 2:0 p.m.38 views

CVE-2012-4226

Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...

5.9AI score0.02041EPSS
Exploits2References5
CVE
CVE
added 2014/09/03 2:0 p.m.60 views

CVE-2012-4226

CVE-2012-4226 concerns the WordPress Quick Post Widget plugin (version 1.9.1). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the Quick Post Widget fields (Title, Content, New category) or v...

4.3CVSS5.9AI score0.02041EPSS
Exploits2References5Affected Software1
securityvulns
securityvulns
added 2012/09/03 12:0 a.m.58 views

WordPress Plugin &#39;Quick Post Widget&#39; 1.9.1 Multiple Cross-site scripting vulnerabilities

Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...

4.3CVSS0.02041EPSS
Exploits2
Rows per page
Query Builder