5 matches found
CVE-2021-24988
The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated...
Samba Information Leak Vulnerability (CVE-2018-14628)
Samba is prone to an information leak vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; if(description)...
CVE-2022-4751
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
PT-2023-15384 · WordPress · Word Balloon
Name of the Vulnerable Software and Affected Versions: Word Balloon WordPress plugin versions prior to 4.19.3 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins, due ...
PT-2021-16394 · WordPress · Wp Rss Aggregator
Name of the Vulnerable Software and Affected Versions: WP RSS Aggregator versions prior to 4.19.3 Description: The issue is related to a Stored XSS problem. It occurs because data is not properly sanitised and escaped before being output in the System Info admin dashboard. This is due to the wprs...