CVE-2024-1814

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVE-2024-9222

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.12.8. This makes ...

WordPress plugin Paid Membership Subscriptions 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2023-39517 Cross site scripting (XSS) when clicking on an untrusted `<map>` link in Joplin

Joplin is a free, open source note taking and to-do application. A Cross site scripting XSS vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer packages/renderer/htmlUtils.ts::sanitizeHtml preserves links. However,...

Joplin Security Vulnerabilities

Joplin is an open source notes and to-do list application. A security vulnerability exists in Joplin versions prior to 2.12.8. An attacker can exploit the vulnerability to execute arbitrary shell commands...

CVE-2024-1815

The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Gallery block in all versions up to, and including, 2.12.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

WordPress Spectra plugin <= 2.12.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Spectra versions = 2.12.8...

PT-2024-18331 · WordPress · Spectra

Name of the Vulnerable Software and Affected Versions: Spectra – WordPress Gutenberg Blocks plugin versions up to, and including, 2.12.8 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Image Gallery block, allowing...

WordPress plugin Spectra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Spectra Plugin <= 2.12.8 is vulnerable to Cross Site Scripting (XSS)

Software Spectra Type Plugin Vulnerable versions = 2.12.8 Fixed in 2.12.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1814 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8365e8ec8dfb Credits wesley wcraft Required privile...

WordPress plugin Spectra 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress Paid Memberships Pro Plugin <= 2.12.8 is vulnerable to Sensitive Data Exposure

Software Paid Memberships Pro Type Plugin Vulnerable versions = 2.12.8 Fixed in 2.12.9 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE N/A Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 077d0e5b70f8 Credits Scott Kingsley Clark Required...

Mandriva Update for gnutls MDVSA-2012:040 (gnutls)

Check for the Version of gnutls OpenVAS Vulnerability Test Mandriva Update for gnutls MDVSA-2012:040 gnutls Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...