14 matches found
EUVD-2024-19854
Malicious code in bioql PyPI...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
CVE-2024-7850
The BP Profile Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.7.5. This is due to missing or incorrect nonce validation on the bpsajaxfieldselector, bpsajaxtemplateoptions, and bpsajaxfieldrow functions. This makes it possible for...
WordPress plugin BP Profile Search security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress BP Profile Search Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: BP Profile Search | Type: Plugin | Vulnerable versions: <= 5.7.5 | Fixed in: 5.8 | OWASP Top 10: A1: Broken Access Control | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2024-7850 | Patch priority: Low | CVSS severity: Low 7.1 | PSID: c231ea7c4aad | Credits: vgo0 | Required...
CVE-2024-22293
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
CVE-2024-22293
The CVE-2024-22293 entry concerns the WordPress BP Profile Search plugin (versions n/a through 5.5). Affected component: BP Profile Search input handling leads to Reflected XSS (Cross-site Scripting). Root cause: improper neutralization of input during web page generation. Impact per sources: att...
CVE-2024-22293 WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5...
PT-2024-19314 · Andrea Tarantini · Bp Profile Search
Name of the Vulnerable Software and Affected Versions: Andrea Tarantini BP Profile Search versions n/a through 5.5. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
WordPress plugin BP Profile Search cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress BP Profile Search Plugin <= 5.5 is vulnerable to Cross Site Scripting (XSS)
Software: BP Profile Search | Type: Plugin | Vulnerable versions: <= 5.5 | Fixed in: 5.6 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-22293 | Patch priority: Medium | CVSS severity: Medium 7.1 | PSID: 5fc1725a4a59 | Credits: Le Ngoc Anh | Required privilege...
WordPress BP Profile Search Plugin <= 4.5.3 - PHP Object Injection
This plugin is prone to a PHP object injection vulnerability. Solution: Update the plugin...
BP Profile Search <= 4.5.3 - PHP Object Injection
The plugin bp-profile-search insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a potential PHP object injection exploit vector. This vulnerability was patched in version 4.6; information is being released now as a disclosure period has expired...