37 matches found
EUVD-2021-11429
Malware in sbrugna...
CVE-2023-2488
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2489
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4120
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6 passes base64 encoded user input to the unserialize PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadge...
CVE-2021-24517
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2021.18 does not escape some of its settings, allowing high privilege users such as admin to set Cross-Site Scripting payloads in them even when the unfilteredhtml capability is disallowed...
CVE-2023-7065
The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfsprocess AJAX action. This makes it possible for...
CVE-2023-7065
CVE-2023-7065 affects Stop Spammers Security | Block Spam Users, Comments, Forms (WordPress) up to version 2024.4. Root cause: missing/incorrect nonce validation on the sfs_process AJAX action. Impact: unauthenticated attackers can forge requests to add arbitrary IPs to the plugin’s allowlist and...
PT-2024-15194 · WordPress · Stop Spammers Security
Name of the Vulnerable Software and Affected Versions: Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress versions up to, and including, 2024.4 Description: The issue is due to missing or incorrect nonce validation on the sfs process AJAX action, making it possible fo...
WordPress plugin Stop Spammers Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Stop Spammers Security | Block Spam Users, Comments, Forms < 2024.5 - Cross-Site Request Forgery (CSRF) via sfs_process
Description The Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due to missing or incorrect nonce validation on the sfsprocess AJAX action. This makes it possible for...
CVE-2023-2488
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2488
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
Cross site scripting
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
Cross site scripting
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2488 Stop Spammers Security < 2023 - Reflected XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as ad...
CVE-2023-2488
The CVE refers to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms, with versions prior to 2023 vulnerable to a Reflected XSS due to insufficient sanitisation/escaping of parameters when rendering admin dashboard pages. The impact targets high-privilege users (e.g.,...
CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
PT-2023-19832 · WordPress · Stop Spammers Security
Name of the Vulnerable Software and Affected Versions: The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2023 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltere...