101154 matches found
WordPress Tm – WordPress Redirection plugin <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Tm – WordPress Redirection versions = 1.2...
WordPress Advanced Social Media Icons plugin <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Advanced Social Media Icons versions = 1.2...
NPM: automagik-genie has a command injection vulnerability
NPM: automagik-genie has a command injection vulnerability discovered by ? in WordPress Npm automagik-genie versions 2.5.27...
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components
NPM: Facebook React has a Denial of Service Vulnerability in React Server Components discovered by ? in WordPress Npm react-server-dom-parcel versions = 19.0.0, 19.0.6...
EUVD-2021-34802
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
CVE-2022-50960
WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...
CVE-2022-50946
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
CVE-2022-50947
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
CVE-2021-47927
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization of the forum name parameter. Attackers can submit POST requests to the admin setup page with...
CVE-2021-47932 WordPress TheCartPress 1.5.3.6 Privilege Escalation Unauthenticated
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcpregisterandloginajax action with tcprole set to...
CVE-2021-47932
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler. Attackers can send POST requests to the tcpregisterandloginajax action with tcprole set to...
CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...
CVE-2021-47926
CVE-2021-47926 affects WordPress plugin Contact Form to Email 1.3.24, with a stored XSS in the form name field. Authenticated attackers can insert JavaScript in form names, which executes when other logged-in users access the form management page, enabling session hijacking or credential theft. R...
CVE-2021-47922 WordPress Plugin Slider by Soliloquy 2.6.2 Stored XSS
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...
CVE-2022-50960
The vulnerability is in WordPress International Sms For Contact Form 7 Integration v1.2, which contains a reflected XSS in the page parameter of the admin settings interface. The issue is triggered via class-sms-log-display.php, allowing an attacker to inject malicious JavaScript that runs in adm...
CVE-2022-50959 WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the formid parameter. Attackers can craft malicious URLs to codegenerator.php with script payloads in the formid parameter t...
CVE-2022-50959
CVE-2022-50959 affects WordPress Contact Form Builder 1.6.1. It is a reflected cross-site scripting vulnerability where an unauthenticated attacker can cause arbitrary JavaScript execution in a victim’s browser by injecting payloads via the form_id parameter, using crafted URLs to code_generator....
CVE-2022-50945 WordPress 3dady Real-Time Web Stats 1.0 Stored XSS
WordPress 3dady Real-Time Web Stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input fields. Attackers can insert JavaScript payloads in the dadyinputtext or dady2inputtext fields via...
CVE-2022-50946
The CVE-2022-50946 entry concerns the WordPress plugin Netroics Blog Posts Grid 1.0, where a stored cross-site scripting (XSS) flaw exists in the handling of the post_title field and the testimonial title field. The root cause is failure to sanitize the post_title parameter, enabling an attacker ...