Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48258

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00394EPSS
Exploits0References1
CVE
CVE
added 2023/04/23 9:52 a.m.67 views

CVE-2022-45361

CVE-2022-45361 affects the WordPress plugin 0mk Shortener up to version 0.2. The root cause is inadequate sanitisation/escaping of settings, enabling an authenticated admin+ to perform a Stored XSS, even when unfiltered_html is disallowed. Impact is described as admin-level XSS with low confident...

5.9CVSS5AI score0.00394EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/04/23 12:0 a.m.5 views

WordPress Plugin 0mk Shortener 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS6.2AI score0.00394EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/02/07 12:0 a.m.13 views

WordPress 0mk Shortener Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software 0mk Shortener Type Plugin Vulnerable versions = 0.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-2933 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ca425f76b250 Credits Juampa Rodríguez Required...

8.8CVSS5.7AI score0.00512EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/02/06 7:15 p.m.21 views

CVE-2022-2933

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

8.8CVSS8.5AI score0.00512EPSS
Exploits1References3
CVE
CVE
added 2023/02/06 6:9 p.m.59 views

CVE-2022-2933

CVE-2022-2933 (0mk Shortener WordPress plugin) is a Cross-Site Request Forgery vulnerability in versions up to 0.2 caused by missing or incorrect nonce validation in the zeromk_options_page function. This allows unauthenticated attackers to inject malicious scripts via the zeromk_user and zeromk_...

8.8CVSS8.3AI score0.00512EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/06 6:9 p.m.11 views

CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

5.4CVSS7.2AI score0.00512EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/02/06 6:9 p.m.30 views

CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

5.4CVSS8.6AI score0.00512EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2023/02/06 12:0 a.m.30 views

0mk Shortener <= 0.2 - Stored XSS via CSRF

Description The plugin does not have CSRF check in its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

8.8CVSS8.3AI score0.00512EPSS
Exploits1
Rows per page
Query Builder