58 matches found
CVE-2010-0726
Cross-site scripting (XSS) vulnerability in the tb-send.rb TrackBack transmission plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugintburl and (2) plugintbexcerpt parameters...
EUVD-2010-5252
Malware in sbrugna...
EUVD-2005-3952
Malware in sbrugna...
EUVD-2025-8603
Malicious code in bioql PyPI...
CVE-2025-31448
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler (simple-trackback-disabler) allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through <= 1.4...
WordPress Simple Trackback Disabler plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Simple Trackback Disabler versions <= 1.4...
CVE-2025-31448
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler (simple-trackback-disabler) allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through <= 1.4...
CVE-2025-31448
CVE-2025-31448 : CSRF in Simple Trackback Disabler for WordPress (affected
CVE-2025-31448 WordPress Simple Trackback Disabler <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through 1.4...
CVE-2025-31448 WordPress Simple Trackback Disabler plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in misteraon Simple Trackback Disabler (simple-trackback-disabler) allows Cross Site Request Forgery. This issue affects Simple Trackback Disabler: from n/a through <= 1.4...
WordPress plugin Simple Trackback Disabler cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-46059
Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component...
Geeklog cross-site scripting vulnerability
Geeklog is open source software that can be used as a weblog, CMS or web portal. Geeklog v2.2.2 has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data; a remote attacker...
WP < 6.0.3 - CSRF in wp-trackback.php
Description: There is no CSRF check in wp-trackback.php, which could allow attackers to make a user perform unwanted actions via a CSRF attack...
Cross-site Request Forgery (CSRF)
Overview: johnpbloch/wordpress-core is web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the handling of requests in wp-trackback.php. An attacker can assume the identity of another user and perform...
WordPress 1.5 wp-trackback.php tb_id Parameter SQL Injection
...
Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
...
CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
Design/Logic Flaw
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...