1826 matches found
CVE-2022-23072 Recipes - Stored XSS in Add to Cart
In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an X...
Recipes cross-site scripting vulnerability
Recipes is an app for managing recipes, planning meals, creating shopping lists, and more. A cross-site scripting vulnerability exists in Recipes versions 1.0.5 through 1.2.5, which stems from missing filtering and escaping of user data in the name parameter. A low-privileged attacker can exploit thi...
WordPress plugin Google Maps cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Maps 1.2.1 and previous versions have a cross-site request forgery vulnerability, which can be exploited by attacke...
CVE-2022-29453
Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update...
CVE-2022-29453 WordPress API KEY for Google Maps plugin <= 1.2.1 - CSRF vulnerability leading to Google Maps API key update
Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update...
Information Disclosure
NuGet.org is vulnerable to information disclosure. The vulnerability exists in the ExecuteCommand function in SetApiKeyCommand.cs due to a lack of sanitization of the API key, which allows an attacker to get access to sensitive information...
WordPress plugin Google Maps cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Maps 1.2.1 and previous versions have a cross-site request forgery vulnerability, which can be exploited by attacke...
WordPress Google Places Reviews plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Potential leak of NuGet.org API key
Description: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0. This advisory also provides guidance on what...
GHSA-3885-8GQC-3WPF Potential leak of NuGet.org API key
Description: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0. This advisory also provides guidance on what...
PT-2022-7020 · Microsoft +4 · Net Core +10
Name of the Vulnerable Software and Affected Versions: .NET versions prior to 6.0.6; .NET Core versions prior to 3.1.26; NuGet versions prior to 6.2.1; NuGet.exe versions prior to 6.2.1; NuGet.Commands versions prior to 6.2.1; NuGet.CommandLine versions prior to 6.2.1; NuGet.CommandLine.XPlat versions...
CVE-2022-1772
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
CVE-2022-1656
Vulnerable versions of the JupiterX Theme (<= 2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin (<= 2.0.6). This includes the...
Design/Logic Flaw
Vulnerable versions of the JupiterX Theme (<= 2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterxapiajax actions registered by the JupiterX Core Plugin (<= 2.0.6). This includes the...
Cross site scripting
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...
CVE-2022-1656
CVE-2022-1656 affects JupiterX Theme and JupiterX Core Plugin (versions