description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
name: Hospital Management System 4.0 - SQL Injection
5
+
author: TenBird
6
+
severity: high
7
+
description: |
8
+
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
description: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue.
7
+
description: WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerability via the slider import search feature because it does not properly sanitize the keyword GET parameter.
description: WordPress Mediumish theme 1.0.47 and prior contains an unauthenticated reflected cross-site scripting vulnerability. The 's' GET parameter is not properly sanitized by the search feature before it is output back on the page.
description: The Bello- Directory & Listing WordPresstheme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
8
-
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing
9
-
page, leading to reflected Cross-Site Scripting issues.
7
+
description: WordPress Bello Directory & Listing theme before 1.6.0 containsareflectedcross-sitescriptingvulnerability.Itdoes not properly sanitize and escape the listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value,
8
+
bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters inthe ints listing
description: The Car Repair Services & Auto Mechanic WordPressthemebefore 4.0 did not properly sanitiseits serviceestimatekeysearch parameter before outputting it back in the page,leadingtoareflectedCross-SiteScriptingissue
7
+
description: WordPress Car Repair Services & Auto Mechanic before 4.0 containsareflectedcross-sitescriptingvulnerability.Itdoes not properly sanitizethe serviceestimatekey parameter before outputting it back in the page.
description: JNewsWordPress theme before 8.0.6 did not sanitise the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*),leadingtoaReflectedCross-SiteScripting(XSS)issue.
7
+
description: WordPressJNews theme before 8.0.6 containsareflectedcross-sitescriptingvulnerability.Itdoes not sanitize the cat_id parameter in the POST request /?ajax-request=jnews (with action=jnews_build_mega_category_*).
description: The JannahWordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page,leadingtoaReflectedCross-Site
8
-
Scripting (XSS) vulnerability.
7
+
description: WordPress Jannah theme before 5.4.4 containsareflectedcross-sitescriptingvulnerability.Itdoes not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page.
name: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
5
5
author: suman_kar
6
6
severity: medium
7
7
description: |
8
-
The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter
9
-
in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which
10
-
can be triggered in both unauthenticated or authenticated user context
8
+
WordPress Pro Real Estate 7 theme before 3.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the ct_community parameter in its search listing page before outputting it back.
description: TheWPFoodbakeryWordPress plugin before 2.2,usedintheFoodBakeryWordPressthemebefore2.2did not properly sanitize the foodbakery_radius parameter before outputting it back in the response,leadingtoanunauthenticatedReflectedCross-SiteScripting(XSS)vulnerability.
7
+
description: WordPress FoodBakery before 2.2 containsanunauthenticatedreflectedcross-sitescriptingvulnerability.Itdoes not properly sanitize the foodbakery_radius parameter before outputting it back in the response.
description: The JannahWordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action,leadingtoaReflectedCross-siteScripting(XSS)vulnerability.
7
+
description: WordPress Jannah theme before 5.4.5 containsareflectedcross-sitescriptingvulnerability.Itdoes not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.
name: WordPress Post Grid <2.1.8 - Cross-SiteScripting
5
5
author: cckuailong
6
6
severity: medium
7
-
description: The slider import search feature and tab parameter of thePostGridWordPresspluginbefore2.1.8settings are not properly sanitised before being output back in the pages,leadingtoReflectedCross-SiteScriptingissues
7
+
description: WordPressPostGridpluginbefore2.1.8containsareflectedcross-sitescriptingvulnerability.The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,
description: The Marmoset ViewerWordPress plugin before 1.9.3 does not property sanitize, validate or escape the 'id' parameter before outputting back in the page,leadingtoareflectedCross-SiteScriptingissue.
7
+
description: WordPress Marmoset Viewer plugin before 1.9.3containsacross-sitescriptingvulnerability.It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.
name: Calendar Event Multi View <1.4.01 - UnauthenticatedReflectedCross-Site Scripting(XSS)
4
+
name: WordPressCalendar Event Multi View <1.4.01 - Cross-Site Scripting
5
5
author: suman_kar
6
6
severity: medium
7
-
description: The plugin does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php),leadingtoareflectedCross-SiteScriptingissue.
7
+
description: WordPressCalendarEventMultiView plugin before1.4.01containsanunauthenticatedreflectedcross-sitescriptingvulnerability.Itdoes not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).
description: The MF Gig CalendarWordPress plugin through1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event,leadingtoareflectedCross-SiteScriptingissue
7
+
description: WordPress MF Gig Calendar plugin 1.1 andpriorcontainsareflectedcross-sitescriptingvulnerability.Itdoes not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.
The Elementor Website BuilderWordPress plugin before 3.1.4 does not sanitise or escape user input appended to the DOM via a malicious hash,resultinginaDOMCross-SiteScriptingissue.
8
+
WordPress Elementor Website Builder plugin before 3.1.4 containsaDOMcross-sitescriptingvulnerability.Itdoes not sanitize or escape user input appended to the DOM via a malicious hash.
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
7
+
description: WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.
description: The Domain CheckWordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page,leadingtoaReflectedCross-SiteScriptingissue.
7
+
description: WordPress Domain Check plugin before 1.0.17 containsareflectedcross-sitescriptingvulnerability.Itdoes not sanitize and escape the domain parameter before outputting it back in the page.
description: The plugin does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response,
8
-
leading to a Reflected Cross-Site Scripting issue.
7
+
description: WordPressSuperSocializer plugin before7.13.30containsareflectedcross-sitescriptingvulnerability.Itdoes not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.
name: Contact Form 7 Skins <=2.5.0 -Reflected Cross-Site Scripting(XSS)
4
+
name: WordPressContact Form 7 Skins <=2.5.0 - Cross-Site Scripting
5
5
author: dhiyaneshDk
6
6
severity: medium
7
-
description: The plugin does not sanitise and escape the tab parameter before outputting it back in an admin page,leadingtoaReflectedCross-SiteScripting
7
+
description: WordPressContactForm7Skins plugin 2.5.0andpriorcontainsareflectedcross-sitescriptingvulnerability.Itdoes not sanitize and escape the tab parameter before outputting it back in an admin page.
name: WordPress Duplicate Page or Post <1.5.1 - StoredXSS
4
+
name: WordPress Duplicate Page or Post <1.5.1 - Cross-SiteScripting
5
5
author: DhiyaneshDK
6
6
severity: low
7
7
description: |
8
-
The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing anyauthenticated users,suchassubscriber to call it and change the plugin's settings, or perform such attack via CSRF.Furthermore,duetothelackofescaping,thiscouldleadtoStoredCross-SiteScriptingissues.
9
-
remediation: Fixed in version 1.5.1.
8
+
WordPressDuplicatePageorPostpluginbefore1.5.1containsastoredcross-sitescriptingvulnerability.The plugin does not have any authorization and has a flawed cross-siterequestforgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-siterequestforgery.
description: Asanunauthenticatedremoteuser,visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
7
+
description: Cacticontainsacross-sitescriptingvulnerabilityvia "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" whichcan successfully execute the JavaScript payload present in the "ref" URL parameter.
description: Across-sitescripting(XSS)issueintheloginpanelinRedwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
7
+
description: Redwood Report2Web 4.3.4.5 and 4.5.3containsacross-sitescriptingvulnerabilityintheloginpanelwhich allows remote attackers to inject JavaScript via the signIn.do urll parameter.
description: CrossSiteScripting(XSS)inthe Jitsi Meet 2.7 through 2.8.3 plugin forMoodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can
8
-
inject javascript code to be run by the application.
7
+
description: Moodle Jitsi Meet 2.7 through 2.8.3 plugin containsacross-sitescriptingvulnerability via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, caninjectJavaScriptcodetoberunbytheapplication.
Triconsole Datepicker Calendar <3.77 isaffectedby cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
8
+
Triconsole Datepicker Calendar before3.77 containsa cross-site scripting vulnerability in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
description: Ghost is a Node.jsCMS. An unused endpoint added during the development of 4.0.0 hasleftsitesvulnerabletountrustedusersgainingaccess to GhostAdmin.Attackerscangain access by getting loggedin users to click a link containing malicious code.Usersdonotneedtoentercredentialsandmaynotknowthey'vevisitedamalicioussite.
7
+
description: Ghost CMS4.0.0to4.3.2contains a DOMcross-sitescriptingvulnerability. An unused endpoint added during the development of 4.0.0 allowsattackers to gain access by getting logged-in users to click a link containing malicious code.
name: Adminer reflected XSS via the table parameter
4
+
name: Adminer <=4.8.0 - Cross-Site Scripting
5
5
author: daffainfo
6
6
severity: medium
7
-
description: Adminer is open-source database management software. A cross-site scripting vulnerability in Adminer versions 4.6.1 to 4.8.0 affects users of MySQL, MariaDB, PgSQL and SQLite. XSS is in most cases prevented by strict CSP in all modern browsers. The only exception is when Adminer is using a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled). In browsers without CSP, Adminer versions 4.6.1 to 4.8.0 are affected. The vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
7
+
description: Adminer 4.6.1 to 4.8.0 contains a cross-site scripting vulnerability which affects users of MySQL, MariaDB, PgSQL, and SQLite in browsers without CSP when Adminer uses a `pdo_` extension to communicate with the database (it is used if the native extensions are not enabled).
remediation: This vulnerability is patched in version 4.8.1. As workarounds, one can use a browser supporting strict CSP or enable the native PHP extensions (e.g. `mysqli`) or disable displaying PHP errors (`display_errors`).
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allowsXSS via the queue name of the live-poll feature when Internet Explorer is used.
7
+
description: Sidekiq through 5.1.3 and 6.x through 6.2.0 containsacross-sitescriptingvulnerability via the queue name of the live-poll feature when Internet Explorer is used.
description: Knowage Suite 7.3 isvulnerableto unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
7
+
description: Knowage Suite 7.3 containsan unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
description: Several versions and models of CHIYU IoT devices are vulnerable to multiple Cross-Site Scripting flaws.
7
+
description: CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.
name: SIS Informatik REWE GO SP17 <7.7 - Cross-Site Scripting
5
5
author: geeknik
6
6
severity: medium
7
-
description: SIS SIS-REWE Go before 7.7 SP17allowsXSS-- rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
7
+
description: SIS InformatikREWE GOSP17 before 7.7 containsacross-sitescriptingvulnerabilityvia rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
name: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
5
5
author: Ahmed Abou-Ela
6
6
severity: medium
7
-
description: Unauthenticatedcross-sitescripting(XSS)vulnerabilityinBeyondTrust Secure Remote Access Base Softwarethrough 6.0.1 allow remote attackers to inject arbitrary web script or HTML.
7
+
description: BeyondTrust Secure Remote Access Base through 6.0.1 containsacross-sitescriptingvulnerabilitywhichallows remote attackers to inject arbitrary web script or HTML.
description: Erxes priortoversion 0.23.0 isvulnerableto cross-site scripting.The value of topicID parameter is not escaped & triggered in the enclosing script tag.
7
+
description: Erxes before 0.23.0 containsa cross-site scriptingvulnerability.The value of topicID parameter is not escaped andis triggered in the enclosing script tag.
description: The Securimage-WP-Fixed WordPressplugin isvulnerabletoReflectedCross-SiteScripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts,inversionsuptoandincluding3.5.4.
7
+
description: WordPress Securimage-WP-Fixed plugin 3.5.4andpriorcontainsacross-sitescriptingvulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file, which allows attackers to inject arbitrary web scripts.
name: Skaut bazar <1.3.3 -Reflected Cross-Site Scripting
4
+
name: WordPressSkaut Bazar <1.3.3 - Cross-Site Scripting
5
5
author: dhiyaneshDK
6
6
severity: medium
7
-
description: The Skaut bazarWordPress plugin isvulnerabletoReflectedCross-SiteScripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts,inversionsuptoandincluding1.3.2.
7
+
description: WordPress Skaut Bazar plugin before1.3.3containsareflectedcross-sitescriptingvulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.
QSAN Storage Manager header page parameters does not filter special characters.
9
-
Remote attackers can inject JavaScript without logging in and launch
10
-
reflected XSS attacks to access and modify specific data.
8
+
QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.
description: Reflected cross-site scripting (XSS)vulnerabilityexists in multiple pages inversion3.0.2oftheHotelDruidapplicationthat allows for arbitrary execution of JavaScript commands.
7
+
description: HotelDruid3.0.2containsa cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.
name: SAP Knowledge Warehouse <=7.5.0 - Cross-SiteScripting
5
5
author: pdteam
6
6
severity: medium
7
7
description: |
8
-
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data.
8
+
SAP Knowledge Warehouse 7.30, 7.31, 7.40, and 7.50 contain a reflected cross-site scripting vulnerability via the usage of one SAP KW component within a web browser.
name: Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting
5
5
author: DhiyaneshDk
6
6
severity: medium
7
-
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance isaffectedbyCrossSiteScripting(XSS). Insecure URI handling leads to bypass securityrestrictiontoachieveCrossSiteScripting, which allows an attackerable to execute arbitrary JavaScript codes to perform multiple attackssuchasclipboardhijackingandsessionhijacking.
7
+
description: ZyXEL ZyWALL 2 Plus Internet Security Appliance containsacross-sitescriptingvulnerability. Insecure URI handling leads to bypass ofsecurityrestrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.
name: WordPress Visual Form Builder <3.0.6 - UnauthenticatedInformationDisclosure
4
+
name: WordPress Visual Form Builder <3.0.8 - Cross-SiteScripting
5
5
author: random-robbie
6
6
severity: medium
7
7
description: |
8
-
Visual Form Builder < 3.0.6-UnauthenticatedInformationDisclosure. The plugin does not perform access control on entry form export, allowing unauthenticated users to see the form entries orexportitas aCSV File using the vfb-export endpoint.
8
+
WordPressVisual Form Builder pluginbefore 3.0.8containsacross-sitescriptingvulnerability. The plugin does not perform access control on entry form export, allowing anunauthenticated user to export the form entries as CSV files using the vfb-export endpoint.
name: All-in-one Floating Contact Form <2.0.4 - AuthenticatedReflectedXSS
4
+
name: WordPressAll-in-one Floating Contact Form <2.0.4 - Cross-SiteScripting
5
5
author: DhiyaneshDK
6
6
severity: medium
7
-
description: The plugin was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.
7
+
description: WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page.
Admin credentials are stored in clear text at the endpoint /test.txt (This occurs in situations where the default credentials admin:admin have beenchanged.) Allows an unauthenticated attacker to obtain adminicredentials, access the admin dashboard of Linear eMerge E3-Series devices, control entire building doors, cameras, elevator, etc... and access information about employees who can access the building and take control of the entire building.
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "toast" parameter which is inserted into the document with insufficient sanitization.
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "success" parameter which is inserted into the document with insufficient sanitization.
A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 via "msg" parameter which is inserted into the document with insufficient sanitization.
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.
description: A Tomcat Manager login panel was discovered via path normalization. Normalizing a path involves modifying the string that identifies a path or file so that it conforms to a valid path on the target
name: Open Virtualization Userportal & Webadmin Panel Detection
5
5
author: idealphase
6
6
severity: info
7
-
description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirt
8
-
uses the trusted KVM hypervisor and is built upon several other community projects, including libvirt, Gluster, PatternFly, and Ansible.
7
+
description: Open Virtualization Userportal & Webadmin panels were detected. Open Virtualization Manager is an open-source distributed virtualization solution designed to manage enterprise infrastructure. oVirtusesthetrustedKVMhypervisorandisbuiltuponseveralothercommunityprojects,includinglibvirt,Gluster,PatternFly,andAnsible.
description: Carel pCOWeb HVAC BACnet Gateway 2.1.0 is vulnerable to local file inclusion because of input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.
description: GeoVision Geowebserver 5.3.3 and prior versions are vulnerable to several cross-site scripting / HTML injection / local file inclusion / XML injection / code execution vectors because the application fails to properly sanitize user requests.
MagicFlow is susceptible to local file inclusion vulnerabilities because it allows remote unauthenticated users to access locally stored files on the server and return their content via the '/msa/main.xp' endpoint and the 'Fun' parameter.
description: The plugin does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue.
name: WordPress Candidate Application Form <= 1.3 - Local File Inclusion
5
+
author: dhiyaneshDK
6
+
severity: high
7
+
description: WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks.
name: WordPress DB Backup <=4.5 - Local File Inclusion
5
+
author: dhiyaneshDK
6
+
severity: high
7
+
description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
name: WordPress My Chatbot <= 1.1 - Reflected Cross-Site Scripting
5
5
author: dhiyaneshDk
6
-
severity: medium
6
+
severity: high
7
7
description: WordPress My Chatbot <= 1.1 is susceptible to cross-site scripting. The plugin does not sanitize or escape its tab parameter in the Settings page before outputting it back in an attribute.
name: Newsletter Manager < 1.5 - Unauthenticated Open Redirect
5
+
author: akincibor
6
+
severity: low
7
+
description: |
8
+
The plugin used base64 encoded user input in the appurl parameter without validation, to redirect users using the header() PHP function, leading to an open redirect issue.
name: Ninja Forms < 3.4.34 - Administrator Open Redirect
5
+
author: dhiyaneshDk,daffainfo
6
+
severity: low
7
+
description: The wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
name: WordPress Simple Image Manipulator 1.0 - Local File Inclusion
5
+
author: dhiyaneshDK
6
+
severity: high
7
+
description: WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.
description: WordPress Revslider is affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file.
WordPress SocialFit is vulnerable to a cross-site scripting vulnerability via the 'msg' parameter because it fails to properly sanitize user-supplied input.
description: The plugin does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting
