27 matches found
EUVD-2013-2638
Malware in sbrugna...
EUVD-2022-25167
Malicious code in bioql PyPI...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
WordPress underConstruction plugin <= 1.21 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Felipe Restrepo Rodriguez Patchstack Alliance in WordPress Plugin underConstruction versions = 1.21...
WordPress underConstruction Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Software underConstruction Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-30548 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID b0c168347691 Credits Felipe Restrepo Rodriguez Required...
WordPress underConstruction plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
WordPress underConstruction plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1895
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...
CVE-2022-1896
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...
WordPress plugin underConstruction 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions of the WordPress underConstruction plugin...
WordPress underConstruction plugin <= 1.19 - Construction Mode Deactivation via Cross-Site Request Forgery (CSRF) vulnerability
Construction Mode Deactivation via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress underConstruction plugin versions = 1.19. Solution Update the WordPress underConstruction plugin to the latest available version at least 1.20...
underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed. PoC In the plugin's settings, active Under Contraction...
WordPress underConstruction plugin <= 1.20 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress underConstruction plugin versions = 1.20. Solution Update the WordPress underConstruction plugin to the latest available version at least 1.21...
CVE-2021-39320
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320
CVE-2021-39320 affects the WordPress Under Construction plugin (versions
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
The underConstruction plugin = 1.18 for WordPress echoes out the raw value of $GLOBALS'PHPSELF' in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the...