10 matches found
CVE-2025-14074
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
EUVD-2025-203072
The PDF for Contact Form 7 + Drag and Drop Template Builder plugin for WordPress is vulnerable to unauthorized post duplication due to a missing capability check on the 'rednumberduplicate' function in all versions up to, and including, 6.3.3. This makes it possible for authenticated attackers,...
EUVD-2020-17050
Malware in sbrugna...
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
WP Admin Menu Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is widely used internationally and can be compatible with self-developed plug-ins. Powerful and widely used. Cross-site scripting vulnerability...
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
CVE-2020-24316
CVE-2020-24316 affects the WordPress plugin Rednumber Admin Menu (versions 1.1 and lower). The vulnerability is a reflected XSS where the GET parameter role is echoed back without sanitization, enabling an attacker to craft a URL to execute client-side scripts. Exploitation is via a specially cra...
CVE-2020-24316
WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET parameter before echoing it back out to the user. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL...
PT-2020-15681 · Rednumber · Wp Plugin Rednumber Admin Menu
Name of the Vulnerable Software and Affected Versions: WP Plugin Rednumber Admin Menu versions 1.1 and lower Description: The issue is related to a reflected XSS vulnerability. It occurs because the role GET parameter value is not sanitized before being echoed back to the user. This allows...