Lucene search
K

136 matches found

VulnCheck KEV
VulnCheck KEV
added 2022/05/31 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...

6.1CVSS6.3AI score0.77892EPSS
Exploits1References1
OSV
OSV
added 2022/02/28 9:15 a.m.5 views

CVE-2021-25034

The WP User WordPress plugin before 7.0 does not sanitise and escape some parameters in pages where the wpuser shortcode is used, leading to Reflected Cross-Site Scripting issues...

6.1CVSS5.8AI score0.00788EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2022/02/21 12:0 a.m.282 views

WordPress WP User Frontend 3.5.25 SQL Injection

Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...

8.8CVSS8.8AI score0.1712EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2021/11/15 12:0 a.m.7 views

PT-2021-23457 · Unknown · Resourcespace

Name of the Vulnerable Software and Affected Versions: ResourceSpace versions prior to 9.6 rev 18290 Description: The issue allows for malicious JavaScript content to be executed within the context of a victim's browser, due to a reflected Cross-Site Scripting vulnerability. This can occur when a...

6.1CVSS5.9AI score0.77892EPSS
Exploits1References3
Patchstack
Patchstack
added 2019/01/14 12:0 a.m.93 views

WordPress User Registration plugin <= 1.5.5 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting XSS vulnerability found by "Mr Winst0n" in WordPress User Registration plugin versions = 1.5.5. Solution Update the WordPress User Registration plugin to the latest available version at least 1.5.6...

2.5AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/06/28 12:0 a.m.5 views

WordPress WP User Groups Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform using PHP language development, the platform supports in PHP and MySQL server set up a personal blog site.WP User Groups is used in one of the user management plugin. A cross-site request forgery vulnerability exists in the...

6.5CVSS6.5AI score0.00438EPSS
Exploits1References1
Patchstack
Patchstack
added 2018/01/30 12:0 a.m.10 views

WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability found by JustThomas in WordPress User Control plugin versions =2.1.0. Solution This plugin has been closed and is no longer available for download. Please Deactivate and delete...

4AI score
Exploits0References1Affected Software1
n0where
n0where
added 2018/01/01 8:31 p.m.74 views

Fsociety Hacking Tools Pack

Fsociety Menu Information Gathering Password Attacks Wireless Testing Exploitation Tools Sniffing & Spoofing Web Hacking Private Web Hacking Post Exploitation INSTALL & UPDATE Information Gathering : Nmap Setoolkit Port Scanning Host To IP wordpress user CMS scanner XSStracer Dork – Google Dorks...

0.1AI score
Exploits0References1
Packet Storm
Packet Storm
added 2017/10/31 12:0 a.m.90 views

WordPress User Login History 1.5.2 Cross Site Scripting

Product: User Login History Wordpress Plugin - https://wordpress.org/plugins/user-login-history/ Vendor: Er Faiyaz Alam Tested version: 1.5.2 CVE ID: CVE-2017-15867 CVE description Multiple cross-site scripting XSS vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow...

6.5AI score0.01041EPSS
Exploits2
CNVD
CNVD
added 2016/09/20 12:0 a.m.3 views

SQL Injection Vulnerability in weiphp 'Application\Home\Controller\PublicController.class.php' Page

weiphp is an open source, efficient, simple microsoft development platform. The weiphp 'Application\Home\Controller\PublicController.class.php' page has a SQL injection vulnerability. Due to the direct carry of $data = M gettablename $model 'id' -find $id ; resulting in the injection of the...

8AI score
Exploits0References1
Packet Storm
Packet Storm
added 2016/02/06 12:0 a.m.21 views

WordPress User Meta Manager 3.4.6 Privilege Escalation

Exploit Title: WordPress User Meta Manager Plugin Privilege Escalation Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...

0.6AI score
Exploits0
0day.today
0day.today
added 2015/12/18 12:0 a.m.22 views

WordPress User Role 1.4.1 Cross Site Scripting Vulnerability

WordPress User Role plugin version 1.4.1 suffers from a cross site scripting vulnerability. WordPress User Role 1.4.1 Cross Site Scripting Vulnerability Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified...

6.7AI score
Exploits0
WPVulnDB
WPVulnDB
added 2015/02/11 12:0 a.m.21 views

EasyCart <= 3.0.15 - Unrestricted File Upload

In versions = 3.0.8 this can be exploited by authenticating as any WordPress user, and in versions 3.0.9 - 3.0.15 can be exploited by passing a valid password hash being used by any admin in the EasyCart user system...

6.5CVSS2.1AI score0.51617EPSS
Exploits7References4Affected Software1
seebug.org
seebug.org
added 2014/03/20 12:0 a.m.15 views

WordPress User Domain Whitelist插件跨站请求伪造漏洞

WordPress是一款内容管理系统。 应用程序允许用户通过未经验证检查的HTTP请求执行某些操作,攻击者可以利用漏洞在欺骗管理员用户登录特制网页时修改插件设置。 0 WordPress User Domain Whitelist Plugin 1.x WordPress User Domain Whitelist Plugin 1.5版本以修复此漏洞,建议用户下载使用: http://wordpress.org/plugins/user-domain-whitelist/changelog/ form...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/07/11 12:0 a.m.25 views

WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2013/05/27 12:0 a.m.20 views

WordPress User Role Editor 3.12 Cross Site Request Forgery

Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-editor Version: =3.12 Tested on: Debian...

7.4AI score
Exploits0
Rows per page
Query Builder