

FormBuilder Plugin up to 1.5 on WordPress cross site scripting


Exploits | Direct link: vuldb.com

A vulnerability was found in FormBuilder Plugin up to 1.5 on WordPress (WordPress Plugin). It has been rated as problematic. This issue affects an unknown part. Upgrading to version 1.06 eliminates this vulnerability....




https://vuldb.com/?id.140507


➤ More posts from Team Security | IT Security

  • Ensure latest comments can only be viewed from public posts

    1395.84 points
    Issue where comments from password-protected posts and pages could be displayed under certain conditions. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Add a new filter to extend set-screen-option

    1347.7 points
    Issue where set-screen-option could be misused by plugins leading to privilege escalation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Prevent HTML decoding on by setting the proper editor context

    1347.7 points
    XSS issue where authenticated users with low privileges were able to add JavaScript to posts in the block editor. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 Wor
  • Ensure that wp_validate_redirect() sanitizes a wider variety of characters

    1347.7 points
    Open redirect issue in wp_validate_redirect(). This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Update `wp_kses_bad_protocol()` to recognize `&colon;` on uri attributes

    1221.82 points
    Update makes sure to validate that uri attributes don’t contain invalid or disallowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi
  • Authenticated XSS issue via theme uploads

    1214.41 points
    Unescaped variable could lead to authenticated XSS issue via theme uploads. This vulnerability affects the following application versions: WordPress 3.8 WordPress 3.8.1 WordPress 3.8.2
  • Issues related to referrer validation in the admin

    1151.47 points
    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • A way to create a stored XSS to inject JavaScript into style tags

    1147.77 points
    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryable content types

    1147.77 points
    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated

    1147.77 points
    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Escape file name for wp_ajax_upload_attachment to prevent XSS

    1088.53 points
    Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering

    1025.15 points
    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
