EUVD-2014-4849

Malware in sbrugna...

EUVD-2014-4586

Malware in sbrugna...

EUVD-2022-42570

Malicious code in bioql PyPI...

WordPress Plugin Wordfence 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

Wordfence Security Plugin for WordPress < 7.6.0 Stored Cross-Site Scripting

The WordPress Wordfence Security Plugin installed on the remote host is affected by a Stored Cross-Site Scripting. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

CVE-2022-3144

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

Cross site scripting

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

CVE-2022-3144 Wordfence Security – Firewall & Malware Scan <= 7.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Wordfence Security – Firewall & Malware Scan plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 7.6.0 via a setting on the options page due to insufficient escaping on the stored value. This makes it possible for authenticated users, with...

CVE-2022-3144

The CVE-2022-3144 entry concerns the Wordfence Security – Firewall & Malware Scan WordPress plugin, affected versions up to and including 7.6.0. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient escaping of stored values on an options-page setting. The impact is...

WordPress Plugin Wordfence Security – Firewall & Malware Scan 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Wordfence <= 7.1.12 - Username Enumeration Prevention Bypass

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by an Username Enumeration Prevention Bypass security vulnerability. PoC Wordfence blocks: http://www.example.com/?author=1 But allowed: http://www.example.com/?author=1...

WordPress Wordfence Security Plugin Cross-Site Scripting Vulnerability

WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Wordfence Security is one of the security plug-ins, which provides firewalls, virus scanning, and traffic monitoring...

Cross site scripting

Cross-site scripting XSS vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php...

CVE-2014-4932

CVE-2014-4932 is a documented XSS in the Wordfence Security plugin for WordPress, before version 5.1.5. The issue allows a remote attacker to inject arbitrary web script or HTML by manipulating the val parameter to whois.php. Several connected sources corroborate the affected product and vulnerab...

Contact Form for WordPress – Ultimate Form Builder Lite plugin <=1.3.6 - SQL Injection (SQLi) vulnerability

SQL Injection vulnerability found by WordFence Security Team in Contact Form for WordPress – Ultimate Form Builder Lite plugin. Solution Update the Contact Form for WordPress – Ultimate Form Builder Lite plugin to the latest available version at least 1.3.7...

CVE-2014-4664

The CVE affects Wordfence Security/Firewall Plugin for WordPress (WordfenceWhois page) where the whoisval parameter in wp-admin/admin.php is not properly sanitized, allowing a reflected XSS. Root cause: insufficient input sanitization of the whoisval GET parameter. Impact: an attacker can craft a...

WordPress Plugin Wordfence Security - Multiple Vulnerabilities

WordPress Plugin Wordfence Security - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/69815/info The Wordfence Security Plugin for WordPress is prone to following vulnerabilities: 1. Multiple HTML-Injection vulnerabilities 2. Multiple Security Bypass vulnerabilities Successful...

WordPress Wordfence Security Plugin - Multiple Vulnerabilities

WordPress Wordfence Security plugin is prone to multiple HTML injection and security bypass vulnerabilities. These issues allow HTML and script code run in the context of the affected browser. In this way an attacker can steal cookie-based authentication credentials or control how the site is...

WordPress Plugin Wordfence Security - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/69815/info The Wordfence Security Plugin for WordPress is prone to following vulnerabilities: 1. Multiple HTML-Injection vulnerabilities 2. Multiple Security Bypass vulnerabilities Successful exploits of these issues allow the attacker-supplied HTML and...

Wordfence 3.3.5 - XSS & IAA

The Wordfence Security – Firewall & Malware Scan WordPress plugin was affected by a XSS & IAA security vulnerability...