The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a...
8.8CVSS
8.5AI Score
0.001EPSS
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.7AI Score
0.001EPSS
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf....
6.1CVSS
6AI Score
0.001EPSS
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function toggle_checkbox of the file ban-options.php. The manipulation of the argument $_SERVER["HTTP_USER_AGENT"] leads to cross site scripting. The attack may be initiated remotely. The name of....
6.1CVSS
6AI Score
0.001EPSS
A logic flaw in Ray-Banยฎ Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before...
5.3CVSS
5.2AI Score
0.001EPSS
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php...
5.4CVSS
5.2AI Score
0.002EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the IP Ban (simple-ip-ban) plugin 1.2.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) ip_list, (2) user_agent_list, or (3)...
6.8AI Score
0.003EPSS
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For...
6.7AI Score
0.004EPSS
The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id...
8.8AI Score
0.002EPSS
SQL injection vulnerability in modules/bannieres/bannieres.php in Jean-Christophe Ramos SCRIPT BANNIERES (aka ban 0.1 and PLS-Bannieres 1.21) allows remote attackers to execute arbitrary SQL commands via the id...
8.8AI Score
0.002EPSS