• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-24733
    CVE-2021-24733
    The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:91 | 回复:0
  • CVE-2021-24858
    CVE-2021-24858
    The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin d ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:122 | 回复:0
  • CVE-2021-24865
    CVE-2021-24865
    The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:124 | 回复:0
  • CVE-2021-24906
    CVE-2021-24906
    The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:319 | 回复:0
  • CVE-2021-24923
    CVE-2021-24923
    The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, lead ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:132 | 回复:0
  • CVE-2021-24936
    CVE-2021-24936
    The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin cha ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:78 | 回复:0
  • CVE-2021-24965
    CVE-2021-24965
    The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. D ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:58 | 回复:0
  • CVE-2021-24968
    CVE-2021-24968
    The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated u ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:49 | 回复:0
  • CVE-2021-24974
    CVE-2021-24974
    The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could l ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:46 | 回复:0
  • CVE-2021-24976
    CVE-2021-24976
    The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:36 | 回复:0
  • CVE-2021-24985
    CVE-2021-24985
    The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-S ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:45 | 回复:0
  • CVE-2021-24989
    CVE-2021-24989
    The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a log ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:29 | 回复:0
  • CVE-2021-25008
    CVE-2021-25008
    The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:33 | 回复:0
  • CVE-2021-25013
    CVE-2021-25013
    The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:37 | 回复:0
  • CVE-2021-25015
    CVE-2021-25015
    The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:31 | 回复:0
  • CVE-2021-25017
    CVE-2021-25017
    The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:28 | 回复:0
  • CVE-2021-25028
    CVE-2021-25028
    The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:35 | 回复:0
  • CVE-2021-25031
    CVE-2021-25031
    The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribu ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:30 | 回复:0
  • CVE-2021-25035
    CVE-2021-25035
    The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:29 | 回复:0
  • CVE-2021-25045
    CVE-2021-25045
    The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:28 | 回复:0
  • CVE-2021-25049
    CVE-2021-25049
    The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilt ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:34 | 回复:0
  • CVE-2021-25062
    CVE-2021-25062
    The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:18 | 回复:0
  • CVE-2021-25073
    CVE-2021-25073
    The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:25 | 回复:0
  • CVE-2021-25074
    CVE-2021-25074
    The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:28 | 回复:0
  • CVE-2021-25076
    CVE-2021-25076
    The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:25 | 回复:0
  • CVE-2021-25078
    CVE-2021-25078
    The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perfo ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:28 | 回复:0
  • CVE-2021-25079
    CVE-2021-25079
    The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:22 | 回复:0
  • CVE-2021-25080
    CVE-2021-25080
    The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attac ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:20 | 回复:0
  • CVE-2021-25083
    CVE-2021-25083
    The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cros ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:19 | 回复:0
  • CVE-2022-0269
    CVE-2022-0269
    Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:21 | 回复:0
  • CVE-2021-44981
    CVE-2021-44981
    In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell argum ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:15 | 回复:0
  • CVE-2022-22296
    CVE-2022-22296
    Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:17 | 回复:0
  • CVE-2021-40596
    CVE-2021-40596
    SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:20 | 回复:0
  • CVE-2021-40907
    CVE-2021-40907
    SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/L ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:21 | 回复:0
  • CVE-2021-40908
    CVE-2021-40908
    SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:23 | 回复:0
  • CVE-2022-23437
    CVE-2022-23437
    There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, w ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:23 | 回复:0
  • CVE-2021-40909
    CVE-2021-40909
    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:23 | 回复:0
  • CVE-2021-41471
    CVE-2021-41471
    SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:20 | 回复:0
  • CVE-2021-41472
    CVE-2021-41472
    SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:15 | 回复:0
  • CVE-2021-4088
    CVE-2021-4088
    SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL ...……
    作者:菜鸟教程小白 | 时间:2022-6-22 22:09 | 阅读:20 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap