26 matches found
EUVD-2023-58916
Malicious code in bioql PyPI...
EUVD-2021-29707
Malicious code in bioql PyPI...
EUVD-2023-58915
Malicious code in bioql PyPI...
CVE-2023-6695
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
CVE-2023-6694
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...
CVE-2021-42749
In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...
CVE-2023-6694
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...
CVE-2023-6695
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
CVE-2023-6694
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...
CVE-2023-6695
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
CVE-2023-6694 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...
CVE-2023-6694 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
The Beaver Themer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers...
CVE-2023-6694
Beaver Themer (WordPress plugin) contains a Stored XSS in shortcode handling for versions up to 1.4.9, exploitable by authenticated users with contributor+ permissions; the vulnerability allows injection of scripts that execute when pages are viewed. No public patch/mitigation details are provide...
CVE-2023-6695 Beaver Themer <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode
The Beaver Themer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the 'wpbb' shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including arbitrary usermet...
CVE-2023-6695
Beaver Themer (WordPress) is associated with CVE-2023-6695 describing Sensitive Information Exposure via the wpbb shortcode in all versions up to and including 1.4.9. The vulnerability allows authenticated attackers with Contributor+ access to extract sensitive data, including arbitrary user_meta ...
WordPress Plugin Beaver Themer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15053 · WordPress · Beaver Themer
Name of the Vulnerable Software and Affected Versions: Beaver Themer plugin for WordPress versions up to, and including, 1.4.9 Description: The issue allows authenticated attackers with contributor access and above to extract sensitive data, including arbitrary user meta values, via the 'wpbb'...
WordPress Plugin Beaver Themer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Beaver Themer plugin <= 1.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via shortcode vulnerability
Authenticated Contributor+ Sensitive Information Exposure via shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Themer versions <= 1.4.9...
WordPress Beaver Themer Plugin <= 1.4.9 is vulnerable to Sensitive Data Exposure
Software: Beaver Themer; Type: Plugin; Vulnerable versions: <= 1.4.9; Fixed in: 1.4.9.1; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-6695; Patch priority: Low; CVSS severity: Low 6.5; PSID: 46037e2368f0; Credits: Francesco Carlucci; Require...