Search Results | AttackerKB

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2023-23491

Disclosure Date: January 20, 2023 (last updated October 08, 2023)

The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2022-37339

Disclosure Date: September 02, 2022 (last updated October 08, 2023)

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Meet My Team plugin <= 2.0.5 at WordPress.

Attack Vector: Network Privileges: Low User Interaction: Required

Attacker Value

Unknown

CVE-2021-24767

Disclosure Date: November 08, 2021 (last updated November 28, 2024)

The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2017-18536

Disclosure Date: August 21, 2019 (last updated November 27, 2024)

The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.

Attacker Value

Unknown

CVE-2017-1000226

Disclosure Date: November 17, 2017 (last updated November 26, 2024)

Stop User Enumeration 1.3.8 allows user enumeration via the REST API

19 Total Results

Displaying 11-19 of 19

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification