Lucene search
K

48 matches found

Patchstack
Patchstack
added 2024/05/10 2:32 p.m.4 views

WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rayhan Ramdhany Hanaputra Patchstack Alliance in WordPress Plugin Sticky banner versions = 1.2.0...

5.9CVSS6.1AI score0.00446EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/09 11:14 a.m.14 views

CVE-2024-34429 WordPress Simple Website Banner plugin <= 1.8.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Orchestrated Corona Virus COVID-19 Banner & Live Data allows Stored XSS.This issue affects Corona Virus COVID-19 Banner & Live Data: from n/a through 1.8.0.2...

5.9CVSS6.7AI score0.00446EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/06 11:5 p.m.5 views

WordPress Simple Website Banner plugin <= 1.8.0.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Rayhan Ramdhany Hanaputra Patchstack Alliance in WordPress Plugin Corona Virus COVID-19 Banner & Live Data versions = 1.8.0.3...

5.9CVSS6.1AI score0.00446EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/04/30 12:0 a.m.6 views

The vulnerability of the JKit component – the Banner plugin of the Jeg Elementor Kit, a content management system for WordPress – allows attackers to perform cross-site scripting attacks.

The vulnerability of the JKit component – a banner plugin for Elementor Kit within the WordPress content management system – is related to the lack of protective measures for website page structures. Exploiting this vulnerability allows attackers to perform cross-site scripting attacks remotely...

6.4CVSS5.2AI score0.00531EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/12 10:15 p.m.5 views

CVE-2023-28930

Cross-Site Request Forgery CSRF vulnerability in Robin Phillips Mobile Banner plugin = 1.5 versions...

8.8CVSS7.3AI score0.00309EPSS
Exploits0References1
Prion
Prion
added 2023/11/12 10:15 p.m.14 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Robin Phillips Mobile Banner plugin = 1.5 versions...

6.8CVSS7.5AI score0.00309EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/12 9:32 p.m.46 views

CVE-2023-28930

CVE-2023-28930 is a CSRF vulnerability in the WordPress Mobile Banner plugin, affecting versions ≤ 1.5. The issue allows unauthenticated users to trigger plugin settings changes. Patch status: fixed in version 1.6. Reduction in impact notes that exploitation is unlikely; CVSS/impact reports from ...

8.8CVSS6.5AI score0.00309EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/10/27 9:15 p.m.16 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin = 1.1.3 versions...

4.3CVSS5.2AI score0.0031EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/05/28 6:15 p.m.22 views

CVE-2023-33315

Cross-Site Request Forgery CSRF vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin = 1.1.2 versions...

8.8CVSS6.5AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2023/05/28 5:11 p.m.35 views

CVE-2023-33315

The CVE-2023-33315 entry describes a CSRF vulnerability in the WordPress Smart App Banner plugin (versions

8.8CVSS7.1AI score0.00264EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/09/06 6:15 p.m.2 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS6.3AI score0.00787EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2022/09/06 5:18 p.m.5 views

CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS6.3AI score0.00787EPSS
Exploits1References4
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.30 views

CVE-2022-2515 Simple Banner <= 2.11.0 - Authenticated Stored Cross-Site Scripting

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4CVSS5.9AI score0.00787EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.7 views

CVE-2022-0446

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00444EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.5 views

WordPress plugin Simple Banner 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

4.8CVSS5AI score0.00444EPSS
Exploits1References2
wpexploit
wpexploit
added 2022/07/26 12:0 a.m.112 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS0.1AI score0.00444EPSS
Exploits1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.22 views

Simple Banner < 2.12.0 - Admin+ Stored Cross Site Scripting

The plugin does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. PoC Put the following payloads in the "Simple Banner Text" settings of the plugin: Firefox...

4.8CVSS1.4AI score0.00444EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2022/07/22 12:0 a.m.41 views

Simple Banner < 2.12.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings proversionactivationcode settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.4CVSS2.1AI score0.00787EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2022/01/18 12:0 a.m.4 views

PT-2022-13038 · WordPress · Random Banner

Name of the Vulnerable Software and Affected Versions: Random Banner WordPress plugin versions up to and including 4.1.4 Description: The issue is related to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file. This allow...

4.8CVSS4.9AI score0.04362EPSS
Exploits1References6
OSV
OSV
added 2021/08/23 12:15 p.m.5 views

CVE-2021-24574

The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00676EPSS
Exploits2References2
Rows per page
Query Builder