• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号
登陆 注册
OStack程序员社区-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2020-17453
    CVE漏洞
    CVE-2020-17453
    WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:30 | 阅读:6 | 回复:0
  • CVE-2020-19596
    CVE漏洞
    CVE-2020-19596
    Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a crafted username.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:30 | 阅读:13 | 回复:0
  • CVE-2020-19595
    CVE漏洞
    CVE-2020-19595
    Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a crafted username.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:10 | 回复:0
  • CVE-2021-24212
    CVE漏洞
    CVE-2021-24212
    The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will e ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:8 | 回复:0
  • CVE-2021-24211
    CVE漏洞
    CVE-2021-24211
    The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to exe ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:7 | 回复:0
  • CVE-2021-24210
    CVE漏洞
    CVE-2021-24210
    There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:30 | 回复:0
  • CVE-2021-24209
    CVE漏洞
    CVE-2021-24209
    The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Set ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:23 | 回复:0
  • CVE-2021-24208
    CVE漏洞
    CVE-2021-24208
    The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom H ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:30 | 回复:0
  • CVE-2021-24207
    CVE漏洞
    CVE-2021-24207
    By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing p ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:17 | 回复:0
  • CVE-2021-24206
    CVE漏洞
    CVE-2021-24206
    In the Elementor Website Builder WordPress plugin before 3.1.4, the image box widget (includes/widgets/image-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:14 | 回复:0
  • CVE-2021-24205
    CVE漏洞
    CVE-2021-24205
    In the Elementor Website Builder WordPress plugin before 3.1.4, the icon box widget (includes/widgets/icon-box.php) accepts a ‘title_size’ parameter. Although the element control lists a fixed set o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:22 | 回复:0
  • CVE-2021-24204
    CVE漏洞
    CVE-2021-24204
    In the Elementor Website Builder WordPress plugin before 3.1.4, the accordion widget (includes/widgets/accordion.php) accepts a ‘title_html_tag’ parameter. Although the element control lists a fixed ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:16 | 回复:0
  • CVE-2021-24203
    CVE漏洞
    CVE-2021-24203
    In the Elementor Website Builder WordPress plugin before 3.1.4, the divider widget (includes/widgets/divider.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed set of p ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:15 | 回复:0
  • CVE-2021-24202
    CVE漏洞
    CVE-2021-24202
    In the Elementor Website Builder WordPress plugin before 3.1.4, the heading widget (includes/widgets/heading.php) accepts a ‘header_size’ parameter. Although the element control lists a fixed set of ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:16 | 回复:0
  • CVE-2021-24201
    CVE漏洞
    CVE-2021-24201
    In the Elementor Website Builder WordPress plugin before 3.1.4, the column element (includes/elements/column.php) accepts an ‘html_tag’ parameter. Although the element control lists a fixed ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:21 | 回复:0
  • CVE-2021-24196
    CVE漏洞
    CVE-2021-24196
    The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘token_error’ parameter can be controlled by users and it is dir ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:21 | 回复:0
  • CVE-2021-24187
    CVE漏洞
    CVE-2021-24187
    The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before b ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:22 | 回复:0
  • CVE-2021-24186
    CVE漏洞
    CVE-2021-24186
    The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:24 | 回复:0
  • CVE-2021-24185
    CVE漏洞
    CVE-2021-24185
    The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploite ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:17 | 回复:0
  • CVE-2021-24184
    CVE漏洞
    CVE-2021-24184
    Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privile ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:21 | 回复:0
  • CVE-2021-24183
    CVE漏洞
    CVE-2021-24183
    The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:11 | 回复:0
  • CVE-2021-24182
    CVE漏洞
    CVE-2021-24182
    The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that cou ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:23 | 回复:0
  • CVE-2021-24181
    CVE漏洞
    CVE-2021-24181
    The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that cou ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:27 | 回复:0
  • CVE-2021-24180
    CVE漏洞
    CVE-2021-24180
    Unvalidated input and lack of output encoding within the Related Posts for WordPress plugin before 2.0.4 lead to a Reflected Cross-Site Scripting (XSS) vulnerability within the 'lang' GET para ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:12 | 回复:0
  • CVE-2021-24177
    CVE漏洞
    CVE-2021-24177
    In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:20 | 回复:0
  • CVE-2021-24176
    CVE漏洞
    CVE-2021-24176
    The JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:17 | 回复:0
  • CVE-2021-24175
    CVE漏洞
    CVE-2021-24175
    The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any u ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:12 | 回复:0
  • CVE-2021-24174
    CVE漏洞
    CVE-2021-24174
    The Database Backups WordPress plugin through 1.2.2.6 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the database, change the plug ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:12 | 回复:0
  • CVE-2021-24173
    CVE漏洞
    CVE-2021-24173
    The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as update the plugin's options, leading to a Stored Cross- ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:12 | 回复:0
  • CVE-2021-24172
    CVE漏洞
    CVE-2021-24172
    The VM Backups WordPress plugin through 1.0 does not have CSRF checks, allowing attackers to make a logged in user unwanted actions, such as generate backups of the DB, plugins, and current .……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:14 | 回复:0
  • CVE-2021-24171
    CVE漏洞
    CVE-2021-24171
    The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extensio ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:7 | 回复:0
  • CVE-2021-24170
    CVE漏洞
    CVE-2021-24170
    The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. T ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:19 | 回复:0
  • CVE-2021-24169
    CVE漏洞
    CVE-2021-24169
    This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:17 | 回复:0
  • CVE-2021-24168
    CVE漏洞
    CVE-2021-24168
    The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authent ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:14 | 回复:0
  • CVE-2021-24167
    CVE漏洞
    CVE-2021-24167
    When visiting a site running Web-Stat 1.4.0, the wts_web_stat_load_init function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_accoun ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:10 | 回复:0
  • CVE-2021-24166
    CVE漏洞
    CVE-2021-24166
    The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attacker ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:18 | 回复:0
  • CVE-2021-24165
    CVE漏洞
    CVE-2021-24165
    In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no pro ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:8 | 回复:0
  • CVE-2021-24164
    CVE漏洞
    CVE-2021-24164
    In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to est ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:8 | 回复:0
  • CVE-2021-24163
    CVE漏洞
    CVE-2021-24163
    The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:16 | 回复:0
  • CVE-2021-24162
    CVE漏洞
    CVE-2021-24162
    In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to inc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:29 | 阅读:13 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap