CVE-2021-24143
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
CVE-2024-1497
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
SQL injection
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections...
AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection
The plugin does not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injections. PoC https://drive.google.com/file/d/1UBTpW3RcPR7iqTi94ueyXLwWH8aFHuoe/view?usp=sharing Payload: aps-social id="1 and sleep3"...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2)...