90 matches found
CVE-2023-2171 BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2171 BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-2171
The BadgeOS WordPress plugin vulnerability CVE-2023-2171 is a stored Cross-Site Scripting flaw in versions up to and including 3.7.1.6, caused by insufficient input sanitization and output escaping on shortcode attributes. It allows authenticated attackers with contributor-level and above permiss...
CVE-2023-2174 BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...
CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...
CVE-2023-2172
CVE-2023-2172 affects the BadgeOS WordPress plugin up to version 3.7.1.6. The issue arises from improper validation and authorization in four AJAX handlers (badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, badgeos_update_ranks_r...
CVE-2023-2174
The CVE-2023-2174 entry concerns the BadgeOS WordPress plugin. A missing capability check in the function delete_badgeos_log_entries allows authenticated users with subscriber-level permissions and above to modify the plugin’s data by deleting log entries. This affects BadgeOS versions up to and ...
CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...
PT-2023-18342 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by deleting the plugin's log entries due to a missing...
WordPress plugin BadgeOS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress plugin BadgeOS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress plugin BadgeOS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-18341 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos delete step ajax handler, badgeos delete award step ajax handler, badgeos...
PT-2023-18338 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticated attacker...
WordPress plugin BadgeOS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18340 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos update steps ajax handler, badgeos update award steps ajax handler, badgeos...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2173 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 413cb9a5b860 Credits Alex Thomas Required...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2172 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56d76680559e Credits Alex Thomas Required...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2171 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 965111d21cf9 Credits Alex Thomas Required privilege...
CVE-2022-41987
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...