Lucene search
K

27 matches found

CNNVD
CNNVD
added 2021/09/01 12:0 a.m.4 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress underConstruction plugin in version 1.18...

6.1CVSS5.4AI score0.02335EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2021/08/31 12:0 a.m.15 views

underConstruction < 1.19 - Reflected Cross-Site Scripting

The plugin does not escape the PHPSELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/admin.php/"/?page=under-construction...

6.1CVSS0.9AI score0.02335EPSS
Exploits1References2Affected Software1
Patchstack
Patchstack
added 2021/08/31 12:0 a.m.16 views

WordPress underConstruction plugin <= 1.18 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Ram Gall WordFence in WordPress underConstruction plugin versions = 1.18. Solution Update the WordPress underConstruction plugin to the latest available version at least 1.19...

6.1CVSS2.1AI score0.02335EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/01/20 12:0 a.m.13 views

Under Construction < 3.86 - Authenticated Stored Cross-Site Scripting (XSS)

The Underconstruction plugin admin configuration is vulnerable to stored XSS issues which will be triggered in the main page of the site, even when the unfilteredhtml is disabled. Edit WPScanTeam A fix was attempted in v3.80, but was insufficient. In the meantime, more fields were found to be...

0.3AI score
Exploits0References2Affected Software1
NVD
NVD
added 2014/04/10 8:29 p.m.16 views

CVE-2013-2699

Cross-site request forgery CSRF vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors...

6.8CVSS7.1AI score0.01118EPSS
Exploits0References3
CVE
CVE
added 2014/04/10 2:0 p.m.43 views

CVE-2013-2699

The CVE-2013-2699 entry concerns the WordPress underConstruction plugin (versions before 1.09). The vulnerability is a CSRF flaw that allows an attacker to hijack administrator authentication to deactivate the plugin via unspecified vectors, potentially disabling protection for the site. Affected...

6.8CVSS7.3AI score0.01118EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2013/03/26 12:0 a.m.15 views

WordPress underConstruction Plugin <= 1.08 - CSRF

Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that deactivate a plugin via unspecified vectors. Solution Update the plugin...

6.8CVSS6.1AI score0.01118EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder