Command Injection

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Command Injection via the extractLLM function. An...

WordPress Advanced Form Integration Plugin < 1.69.1 is vulnerable to Cross Site Scripting (XSS)

Software Advanced Form Integration Type Plugin Vulnerable versions 1.69.1 Fixed in 1.69.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b9cd0d3cccb3 Credits Rafie Muhammad...

CVE-2022-4260 WP-Ban < 1.69.1 - Admin+ Stored XSS

The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin WP-Ban 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-7909 · WordPress · Wp-Ban

Name of the Vulnerable Software and Affected Versions: WP-Ban WordPress plugin versions prior to 1.69.1 Description: The issue is related to the WP-Ban WordPress plugin not sanitizing and escaping some of its settings, which could allow high privilege users, such as admins, to perform Stored...