11 matches found
EUVD-2023-43747
Malicious code in bioql PyPI...
CVE-2023-3051
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...
WordPress plugin Marketing Automation by AZEXO 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Privilege Escalation vulnerability
Privilege Escalation vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Marketing Automation by AZEXO versions = 1.27.80...
WordPress Marketing Automation by AZEXO plugin <= 1.27.80 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Marketing Automation by AZEXO versions = 1.27.80...
CVE-2023-3051
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...
CVE-2023-3052
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...
CVE-2023-3051
The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azhpost' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web...
Cross site request forgery (csrf)
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...
Cross site request forgery (csrf)
The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...
PT-2023-22740 · Azexo · The Page Builder By Azexo
Name of the Vulnerable Software and Affected Versions: The Page Builder by AZEXO plugin for WordPress versions up to, and including, 1.27.133 Description: The issue is related to Stored Cross-Site Scripting via the azh post shortcode due to insufficient input sanitization and output escaping. Thi...