42 matches found
CVE-2023-2229
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...
CVE-2023-2229
CVE-2023-2229 affects the WordPress Quick Post Duplicator (rduplicator) up to version 2.0. The root cause is an SQL Injection via the post_id parameter due to insufficient escaping and lack of prepared statements, enabling authenticated attackers with contributor privileges to append additional S...
CVE-2023-2229 Quick Post Duplicator <= 2.0 - Authenticated (Contributor+) SQL Injection via post_id
The Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘postid’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...
WordPress plugin Quick Post Duplicator SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress WP Quick Post Duplicator Plugin <= 2.0 is vulnerable to Broken Access Control
Software WP Quick Post Duplicator Type Plugin Vulnerable versions = 2.0 Fixed in 2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-31214 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dab968364058 Credits TaeEun Lee Required...
WordPress Quick Post Duplicator Plugin <= 2.0 is vulnerable to SQL Injection
Software Quick Post Duplicator Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-2229 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 82cd33300670 Credits Marco Wotschka Required privilege Contributor...
PT-2023-4737 · WordPress · Wp Quick Post Duplicator
Name of the Vulnerable Software and Affected Versions: Quick Post Duplicator for WordPress versions up to, and including, 2.0 Description: The issue is related to SQL Injection via the post id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation...
Cross site scripting
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...
CVE-2023-33194 CraftCMS stored XSS in Quick Post widget error message
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...
CVE-2023-33194 CraftCMS stored XSS in Quick Post widget error message
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in...
CraftCMS stored XSS in Quick Post widget error message
Summary The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Details Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. PoC 1. Login at admin 2. Go to setting 3. Create a Section 4. On Entry page, cli...
Pixel&tonic Craft CMS 跨站脚本漏洞
Pixel & tonic Craft CMS is a content management system CMS from the US-based Pixel & tonic, Inc. A security vulnerability exists in Pixel & tonic Craft CMS that stems from not filtering input and encoding output in Quick Post validation error messages, which would allow the delivery of loads with...
PT-2023-24211 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.4.6 Description: The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. An older issue fixed the XSS in label HTML but did not address it when...
CVE-2023-23927 Craft CMS stored cross-site scripting vulnerability
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting XSS happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7...
CVE-2023-23927 Craft CMS stored cross-site scripting vulnerability
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting XSS happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7...
WordPress Quick Post Widget Plugin <= 1.9.1 - Multiple CSRF
This plugin is prone to a cross site request forgery vulnerability. Solution Update plugin...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...
CVE-2012-4226
Multiple cross-site scripting XSS vulnerabilities in Quick Post Widget plugin 1.9.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 Title, 2 Content, or 3 New category field to wordpress/ or 4 query string to wordpress/...
CVE-2012-4226
CVE-2012-4226 concerns the WordPress Quick Post Widget plugin (version 1.9.1). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the Quick Post Widget fields (Title, Content, New category) or v...
WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...