2135 matches found
Debian DSA-5279-1 : wordpress - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5279 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. The...
CVE-2022-2167
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-2627
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-2627 Newspaper < 12 - Reflected Cross-Site Scripting
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting...
PT-2022-15023 · WordPress · Newspaper
Name of the Vulnerable Software and Affected Versions: Newspaper WordPress theme versions prior to 12 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitized before being outputted back in an HTML attribute via an AJAX...
CVE-2022-3401
The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combined with the missing authorization vulnerability CVE-2022-3400, makes it possible for authenticate...
PT-2022-21966 · WordPress · The Bricks
Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions 1.2 to 1.5.3 Description: The issue allows remote code execution due to the theme permitting site editors to include executable code blocks in website content. This is exacerbated by a missing...
CVE-2022-3209 Soledad < 8.2.5 - Reflected Cross-site Scripting
The soledad WordPress theme before 8.2.5 does not sanitise the id,datafiltertype,... parameters in its pencimoreslistpostajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability...
CVE-2022-2654
The Classima WordPress theme before 2.1.11 and some of its required plugins Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10 do not escape a parameter before outputting it back in attributes,...
Cross site scripting
The Classima WordPress theme before 2.1.11 and some of its required plugins Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10 do not escape a parameter before outputting it back in attributes,...
WordPress theme Classima cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Classima prior to version 2.1.11, whic...
CVE-2022-1251
The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request...
CVE-2022-2180
The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or CSRF checks, allowing an unauthenticated attacker to upload arbitrary files including PHP source files, leading to possible remote code execution (RCE)...
PT-2022-15138 · WordPress · Greyd.Suite
Name of the Vulnerable Software and Affected Versions: GREYD.SUITE WordPress theme affected versions not specified Description: The issue concerns the GREYD.SUITE WordPress theme, which fails to properly validate uploaded custom font packages and does not perform authorization or CSRF checks. Thi...