Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

3 Ways an Employee Scheduling App Can Streamline Your Business

By Owais Sultan If you’re the manager of a business with employees, you know how hard it can be to schedule… This is a post from HackRead.com Read the original post: 3 Ways an Employee Scheduling App Can Streamline Your Business

HackRead
Open in Source
#wordpress
CVE-2017-20108

A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic cross site scripting. It is possible to initiate the attack remotely.

CVE-2017-20103: Full Disclosure: WordPress Plugin Kama Click Counter 3.4.9

A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with the input ASC%2c(select*from(select(sleep(2)))a) leads to sql injection (Blind). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2017-20099: Analytics Stats Counter Statistics WordPress Plugin unauthenticated PHP Object injection vulnerability

A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely.

WordPress Simple Page Transition 1.4.1 Cross Site Scripting

WordPress Simple Page Transition plugin version 1.4.1 suffers from a persistent cross site scripting vulnerability.

WordPress W-DALIL 2.0 Cross Site Scripting

WordPress W-DALIL plugin version 2.0 suffers from a persistent cross site scripting vulnerability.

WordPress Weblizar 8.9 Code Execution

WordPress Weblizar plugin version 8.9 suffers from a remote code execution vulnerability.

CVE-2013-2180: CVE-2012-5856 uk-cookie plugin XSS · Issue #184 · wpscanteam/wpscan

WordPress Plugin UK Cookie is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin UK Cookie version 1.1 is vulnerable; other versions may also be affected.

CVE-2022-2041

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks

CVE-2022-2040

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks