111 matches found
PT-2023-16260 · WordPress · Article Directory Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Article Directory WordPress plugin versions prior to 1.4 Description: The issue arises from improper sanitization of the publish terms text setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments...
Ultimate FAQ Plugin for WordPress < 1.8.25 Multiple Vulnerabilities
The WordPress Ultimate FAQ Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Arbitrary Options Import.\n - An HTML Injection.\n Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number...
CVE-2022-4475 Collapse-O-Matic < 1.8.3 - Contributor+ Stored XSS
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4010 Image Hover Effects < 5.5 - Admin+ Stored XSS
The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-29432 WordPress wpDataTables plugin <= 2.1.27 - Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities
Multiple Authenticated administrator or higher user role Persistent Cross-Site Scripting XSS vulnerabilities in TMS-Plugins wpDataTables plugin = 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters...
CVE-2021-36871 WordPress WP Google Maps Pro premium plugin <= 8.1.11 - Multiple Authenticated Persistent XSS vulnerabilities
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps Pro premium plugin versions &attributes, Name &attributes, &icons, &names, &description, &link, &title...
Advertising Plugin for WordPress Threatens Full Site Takeovers
The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers. The plugin’s author, Tunafish, has rolled out a patched version v.1.5.6, which site...
Cyber Security Week in Review (March 28)
Welcome to this week's Cyber Security Week in Review, where Cisco Talos runs down all of the news we think you need to know in the security world. Top headlines this week ASUS had to release an emergency fix for a malware that may have accidentally deployed to their machines. Attackers may have...
Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerabilities: 1 CSRF 2 XSS Stored VULNERABILITY 1 CSRF Page affected: http://victimsite/wordpress/wp-admin/admin.php?page=cart66-products If the Wordpress admin were logged in and clicked on a link hosting code similar to the one in the PoC...
CVE-2012-4033
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors...
wpcomment-multi.txt
ChX Security | Advisory 3 | ========== - "WP Comment Remix 1.4.3 Multiple Vulnerabilities" Advisory URL: http://chxsecurity.org/advisories/adv-3-full.txt Date of last update: 2008-10-13 CVE Name: -- Vulnerability Information | ================== Software: WP Comment Remix Version: 1.4.3 From:...