9 matches found
EUVD-2022-48258
Malicious code in bioql PyPI...
CVE-2022-45361
CVE-2022-45361 affects the WordPress plugin 0mk Shortener up to version 0.2. The root cause is inadequate sanitisation/escaping of settings, enabling an authenticated admin+ to perform a Stored XSS, even when unfiltered_html is disallowed. Impact is described as admin-level XSS with low confident...
WordPress Plugin 0mk Shortener 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software 0mk Shortener Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-2933 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ca425f76b250 Credits Juampa Rodríguez Required...
CVE-2022-2933
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
CVE-2022-2933
CVE-2022-2933 (0mk Shortener WordPress plugin) is a Cross-Site Request Forgery vulnerability in versions up to 0.2 caused by missing or incorrect nonce validation in the zeromk_options_page function. This allows unauthenticated attackers to inject malicious scripts via the zeromk_user and zeromk_...
CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
0mk Shortener <= 0.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check in its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...