288 matches found
WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Stripe Payments For WooCommerce by Checkout versions = 1.9.1...
WordPress WP Bannerize Pro Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Bannerize Pro Type Plugin Vulnerable versions = 1.9.0 Fixed in 1.9.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7388 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e13c4b78a18d Credits Nguyễn Trung Kiên...
WordPress plugin Linkify Text 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Linkify Text plugin <= 1.9.1 - Unauthenticated Full Path Disclosure vulnerability
Unauthenticated Full Path Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Linkify Text versions = 1.9.1...
PT-2024-38312 · WordPress · Linkify Text
Name of the Vulnerable Software and Affected Versions: Linkify Text plugin for WordPress versions up to and including 1.9.1 Description: The issue is related to Full Path Disclosure, which occurs because the plugin uses bootstrap and leaves test files with display errors enabled. This allows...
ZNC < 1.9.1 RCE Vulnerability
ZNC is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:znc:znc"; ifdescriptio...
MGASA-2024-0257 Updated znc packages fix security vulnerability
In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. CVE-2024-39844...
WordPress Responsive Contact Form Builder & Lead Generation Plugin plugin <= 1.9.1 - Authenticated (Subscriber+) Arbitrary Shortcode Execution vulnerability
Authenticated Subscriber+ Arbitrary Shortcode Execution vulnerability discovered by stealthcopter in WordPress Plugin Contact Form & Lead Form Elementor Builder versions = 1.9.1...
WordPress Contact Form & Lead Form Elementor Builder Plugin <= 1.9.1 is vulnerable to Content Injection
Software Contact Form & Lead Form Elementor Builder Type Plugin Vulnerable versions = 1.9.1 Fixed in 1.9.2 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-4261 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5d051149eabf Credits stealthcopter...
PT-2024-30062 · WordPress · Responsive Contact Form Builder & Lead Generation Plugin
Name of the Vulnerable Software and Affected Versions: The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress versions up to, and including, 1.9.1 Description: The issue arises from the software's failure to properly validate a value before executing the do shortcode...
PT-2024-25990 · Unknown · Wpsoul Table Maker
Name of the Vulnerable Software and Affected Versions: Wpsoul Table Maker versions 1.9.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious...
WordPress plugin Table Maker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Table Maker plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by CatFather Patchstack Alliance in WordPress Plugin Table Maker versions = 1.9.1...
WordPress Table Maker Plugin <= 1.9.1 is vulnerable to Cross Site Scripting (XSS)
Software Table Maker Type Plugin Vulnerable versions = 1.9.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34574 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7c1bf395ed48 Credits CatFather Required privilege Author Publishe...
WordPress Gutenverse plugin < 1.9.1 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmtirii Ignatyev in WordPress Plugin Gutenverse versions 1.9.1...
WordPress plugin Gutenverse 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin Solid Affiliate 日志信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A log information disclosu...
WordPress Sync Post With Other Site plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) to XSS vulnerability
Cross Site Request Forgery CSRF to XSS vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin Sync Post With Other Site versions = 1.9.1...
CVE-2024-30541
CVE-2024-30541 is a CSRF vulnerability in LWS LWS Optimize, affecting versions up to 1.9.1. The connected Red Hat entry repeats the CSRF description and affected product, but the initial documents do not provide deeper root-cause analysis, confirmed impact details, or remediation specifics. Techn...
CVE-2022-47153
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPJobBoard Jobeleon Theme allows Reflected XSS.This issue affects Jobeleon Theme: from n/a through 1.9.1...