173 matches found
WordPress plugin Stream 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-2170 TaxoPress <= 3.6.4 - Authenticated (Editor+) Stored Cross-Site Scripting
The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to...
PT-2023-16938 · WordPress · Wh Testimonials
Name of the Vulnerable Software and Affected Versions: The WH Testimonials plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers t...
PT-2022-26948 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 6.0.3 Description: A cross-site scripting issue allows a remote unauthenticated attacker to inject an arbitrary script. The developer provides new patched releases for all versions since 3.7. Recommendations: For...
WordPress plugin th23 Social 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. th23 Socials plugin 1.2.0 and earlier versions of WordPress are vulnerable to a cross-site scripting...
PT-2022-13802 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions 3.6.0 through 3.6.2 Description: The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in t...
PT-2021-23594 · WordPress · Wordpress Popular Posts
Name of the Vulnerable Software and Affected Versions: WordPress Popular Posts versions up to and including 5.3.2 Description: The WordPress Popular Posts plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the /src/Image.php file. This makes it...
VulnCheck KEV: CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted...
PT-2020-5742 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to insufficient access control in certain features of the WordPress content management system. This can be exploited by a remote attacker to impact data integrity. The proble...
PT-2020-5777 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.5.2 Description: The issue is related to the is protected meta function in the wp-includes/meta.php component of the WordPress content management system. This function incorrectly determines the protection status...
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-27082)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Search module in WordPress versions 5.2 through 5.4. The...
WordPress Hotel Booking System Pro 1.1 Cross Site Scripting
Exploit Title: WordPress Hotel Booking System Pro v1.1 XSS Vunlerability Google Dork:N/A Date: 2020-04-04 Exploit Author: @ThelastVvV Vendor Homepage: https://codecanyon.net/item/online-hotel-booking-system-pro-wordpress-plugin/9338914 Version: 1.1 Tested on: 5.4.0-4parrot1-amd64...
UBUNTU-CVE-2019-17674
WordPress before 5.2.4 is vulnerable to stored XSS cross-site scripting via the Customizer...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...
DEBIAN-CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
DEBIAN-CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input...
DEBIAN-CVE-2018-20149
In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data...
UBUNTU-CVE-2018-20152
In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input...
DEBIAN-CVE-2017-1000600
WordPress version 4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-38267)
WordPress is a blogging platform developed using the PHP language. Users can set up their own websites on servers that support PHP and MySQL databases, or use WordPress as a content management system CMS. A cross-site scripting vulnerability exists in WordPress before 4.9.1. The vulnerability...