9 matches found
CVE-2023-40599
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js,...
CVE-2022-1047
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability...
Cross site scripting
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability...
CVE-2022-1047 Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability...
CVE-2022-1047
CVE-2022-1047 affects the WordPress plugin Themify - Post Type Builder Search Addon (before version 1.4.0). The vulnerability is a reflected XSS caused by improper escaping of the current page URL when reusing it in an HTML attribute. Several sources (NVD, Red Hat, CVE lists, Patchstack, WPScan) ...
Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability. PoC: On a page or post with a search form, add the following URL query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...
Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting
The plugin does not properly escape the current page URL before reusing it in an HTML attribute, leading to a reflected cross-site scripting vulnerability. On a page or post with a search form, add the following URL query parameter: ?%22%3E%3Cscript%3Ealert1%3C/script%3E...
WordPress The Events Calendar Search Addon plugin <= 1.1.3 - Arbitrary Plugin Installation vulnerability
Arbitrary Plugin Installation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress The Events Calendar Search Addon plugin (versions <= 1.1.3). Solution: Update the WordPress The Events Calendar Search Addon plugin to the latest available version (at least 1.2.1)...
WordPress The Events Calendar Search Addon plugin <= 1.1.3 - Arbitrary Plugin Activation vulnerability
Arbitrary Plugin Activation vulnerability discovered by Jerome Bruandet (NinTechNet) in WordPress The Events Calendar Search Addon plugin (versions <= 1.1.3). Solution: Update the WordPress The Events Calendar Search Addon plugin to the latest available version (at least 1.2.1)...