Vulnerabilities

Subcategories:

  • CVE-2021-24799
    The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 44 | Replies: 0
  • CVE-2021-24794
    The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting wh ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 36 | Replies: 0
  • CVE-2021-24793
    The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Site ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 37 | Replies: 0
  • CVE-2021-24789
    The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site Sc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 42 | Replies: 0
  • CVE-2021-24781
    The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to edi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 45 | Replies: 0
  • CVE-2021-24773
    The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the unf ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 68 | Replies: 0
  • CVE-2021-24770
    The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated us ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 51 | Replies: 0
  • CVE-2021-24757
    The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 61 | Replies: 0
  • CVE-2021-24742
    The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 57 | Replies: 0
  • CVE-2021-24723
    The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 58 | Replies: 0
  • CVE-2021-24722
    The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Sc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 51 | Replies: 0
  • CVE-2021-24717
    The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 70 | Replies: 0
  • CVE-2021-24716
    The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings within wp-admin.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 97 | Replies: 0
  • CVE-2021-24715
    The WP Sitemap Page WordPress plugin before 1.7.0 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 97 | Replies: 0
  • CVE-2021-24685
    The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 58 | Replies: 0
  • CVE-2021-24682
    The Cool Tag Cloud WordPress plugin before 2.26 does not escape the style attribute of the cool_tag_cloud shortcode, which could allow users with a role as low as Contributor to perform Stored Cross-S ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 42 | Replies: 0
  • CVE-2021-24624
    The MP3 Audio Player for Music, Radio Podcast by Sonaar WordPress plugin before 2.4.2 does not properly sanitize or escape data in some of its Playlist settings, allowing high privilege users to perf ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 45 | Replies: 0
  • CVE-2021-24572
    The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 62 | Replies: 0
  • CVE-2021-24570
    The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 52 | Replies: 0
  • CVE-2021-24539
    The Coming Soon, Under Construction Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming So ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 37 | Replies: 0
  • CVE-2020-36505
    The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 32 | Replies: 0
  • CVE-2020-36504
    The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 32 | Replies: 0
  • CVE-2020-36503
    The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 36 | Replies: 0
  • CVE-2018-25019
    The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 32 | Replies: 0
  • CVE-2015-20067
    The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 33 | Replies: 0
  • CVE-2015-20019
    The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 40 | Replies: 0
  • CVE-2015-10001
    The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege us ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 37 | Replies: 0
  • CVE-2021-40348
    Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 43 | Replies: 0
  • CVE-2021-42694
    An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using ho ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 49 | Replies: 0
  • CVE-2021-42574
    An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft sourc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:28 | Views: 29 | Replies: 0
  • CVE-2021-41313
    Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /sec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 55 | Replies: 0
  • CVE-2021-20839
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 72 | Replies: 0
  • CVE-2021-20838
    Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 59 | Replies: 0
  • CVE-2020-36381
    An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 77 | Replies: 0
  • CVE-2020-36380
    An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 81 | Replies: 0
  • CVE-2020-36379
    An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 76 | Replies: 0
  • CVE-2020-36378
    An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 70 | Replies: 0
  • CVE-2020-36377
    An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 70 | Replies: 0
  • CVE-2020-36376
    An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 71 | Replies: 0
  • CVE-2020-26707
    An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:17 | Views: 92 | Replies: 0
