63 matches found
WordPress Plugin Site Reviews Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Site Reviews Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.11.4 Fixed in 6.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2293 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 905ece02271d Credits stealthcopter Required...
Login as User or Customer <= 3.8 - Admin Account Takeover
Description The plugin does not prevent users to log in as any other user on the site. PoC 1. As an admin, log in as some user. Note the user ID. 2. Run the following curl command, filling in the ADMINID and the USERID: curl -v https://example.com/wp-admin/admin-ajax.php -H 'Cookie:...
Seraphinite Accelerator < 2.2.29 - Authenticated Arbitrary Redirect
Description The plugin does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect Make a logged in user open https://example.com/wp-admin/admin-ajax.php?action=seraphaccelact&fn=acceptEula&redir=https%3A%2F%2Fwpscan.com...
WordPress plugin Site Reviews 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Site Reviews 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27629 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 45dbc55b56d9 Credits Mika Required privilege...
WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27612 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 795688817308 Credits Rafshanzani Suhada Required...
WordPress Site Reviews Plugin <= 6.5.0 is vulnerable to Broken Access Control
Software Site Reviews Type Plugin Vulnerable versions = 6.5.0 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-27625 Patch priority Low CVSS severity Low 4.3 Developer Gemini Labs PSID d9f4b2bf1ed3 Credits Rafshanzani Suhada Required privileg...
CVE-2022-35730
Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...
Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF
The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin or editor add Stored XSS payloads via a CSRF attack Make a logged in editor or admin open a page with the below payload...
Transposh WordPress Translation 1.0.8.1 Incorrect Authorization Vulnerability
ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Incorrect Authorization CWE-863 Date found: 2022-07-23 Date published: 2022-08-16 CVSSv3 Score: 7.5...
Transposh WordPress Translation 1.0.7 Incorrect Authorization Vulnerability
Transposh WordPress Translation versions 1.0.7 and below suffer from an incorrect authorization vulnerability. When installed, Transposh comes with a set of pre-configured options, one of these is the "Who can translate" setting under the "Settings" tab, which by default allows "Anonymous" users ...
CVE-2022-0218 WP HTML Mail <= 3.0.9 Missing Authorization on REST-API Route
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting
The plugin does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting With the "Enable Logs" setting activated: https://example.com/wp-admin/admin.php?page=check-email-logs&d="+style=animation-name:rotation+onanimationstart=alert/XSS///...
Ultimate Addons for Elementor < 1.24.2 - Registration Bypass
"The Ultimate Addons for Elementor plugin recently patched a vulnerability in version 1.24.2 that allows attackers to create subscriber-level users, even if registration is disabled on a WordPress site." This vulnerability is being used in conjunction with a 0-day vulnerability in Elementor PRO...
CVE-2020-8658
The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.php&action=htaccesseditor CSRF. The flag htccssnoncename passes the nonce to WordPress but the plugin does not validate it correctly, resulting in a wrong implementation of anti-CSRF protection. In...
Automattic: Denial of service to WP-JSON API by cache poisoning the CORS allow origin header
The WP-JSON implementation on some wordpress.com websites I've tested is vulnerable to denial of service where by an attacker can provide an arbitrary Origin header in the request, which is then echoed back in the response via the Access-Control-Allow-Origin header, which is cached and served to...
Uber: Access to SQL server of ubergreen.pt through password disclosure from different domain on same IP
The uber microsite http://ubergreen.pt has an open MYSQL port on 3306. ubergreen.pt itself is hosted on the IP 109.71.41.173. After some research, it was found that this IP also hosts many other domains. As of yesterday 11/10/18, this included the domain apps.etnos.co. This domain existed on the...
CVE-2017-16815
installer.php in the Snap Creek Duplicator WordPress Site Migration & Backup plugin before 1.2.30 for WordPress has XSS because the values "urlnew" /wp-content/plugins/duplicator/installer/build/view.step4.php and "logging" wp-content/plugins/duplicator/installer/build/view.step2.php are not...