The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and draft) into an arbitrary CSV file, which the attacker can then download and retrieve the list of titles for example…
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages where a…
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other’s booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it. Zafiyet ile ilgili Genel…
The Image optimization & Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its “Lazyload background images for selectors” settings, which could allow high privilege users such as admin to perform Cross-Site scripting attacks even when the unfiltered_html capability is disallowed. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL injection attacks Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence…
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer’s data Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database