Show filters
18 Total Results
Displaying 11-18 of 18
Sort by:
Attacker Value
Unknown

CVE-2022-3419

Disclosure Date: October 31, 2022 (last updated December 22, 2024)
The Automatic User Roles Switcher WordPress plugin before 1.1.2 does not have authorisation and proper CSRF checks, allowing any authenticated users like subscriber to add any role to themselves, such as administrator
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-37403

Disclosure Date: August 30, 2022 (last updated October 08, 2023)
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela's Add User Role plugin <= 0.0.1 at WordPress.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24984

Disclosure Date: December 27, 2021 (last updated October 07, 2023)
The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-18566

Disclosure Date: August 20, 2019 (last updated November 27, 2024)
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
0
0
Attacker Value
Unknown

CVE-2017-2171

Disclosure Date: May 22, 2017 (last updated November 26, 2024)
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit…
0
0
Attacker Value
Unknown

CVE-2011-1696

Disclosure Date: October 08, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
0
0
Attacker Value
Unknown

CVE-2011-2227

Disclosure Date: October 08, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 709603.
0
0
Attacker Value
Unknown

CVE-2008-5095

Disclosure Date: November 14, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the Novell User Application 3.0.1, 3.5.0, and 3.5.1; and Identity Manager Roles Based Provisioning Module 3.6.0 and 3.6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
0
0
View More Topics  < Previous