52 matches found

Vulnrichment
added 2024/06/09 8:55 a.m. | 11 views

CVE-2024-31246 WordPress PostX plugin <= 3.2.3 - Author+ Post/Page Duplication vulnerability

Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PostX: from n/a through = 3.2.3...

CVSS 5.4 | AI score 7.2 | EPSS 0.00392
Exploits: 0 | References: 1

NVD
added 2024/06/08 7:15 a.m. | 13 views

CVE-2024-5758

Rejected reason: REJECT Duplicate of CVE-2024-4305. Please use CVE-2024-4305 instead...

Exploits: 1

NVD
added 2024/05/30 4:15 a.m. | 9 views

CVE-2024-5223

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/30 3:34 a.m. | 13 views

CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | AI score 5.8 | EPSS 0.00334
Exploits: 0 | References: 3

Cvelist
added 2024/05/30 3:34 a.m. | 19 views

CVE-2024-5223 Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting

The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file uploading feature in all versions up to, and including, 4.1.1 due to insufficient input sanitization and output escaping. This makes it possible...

CVSS 6.4 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 3

CVE
added 2024/05/30 3:34 a.m. | 48 views

CVE-2024-5223

CVE-2024-5223 refers to the Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX for WordPress. It is a Stored Cross-Site Scripting (XSS) vulnerability in the plugin’s file uploading feature, affecting all versions up to and including 4.1.1 due to insufficient input sanitization and outpu...

CVSS 6.4 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 3

Vulnrichment
added 2024/05/13 6:0 a.m. | 14 views

CVE-2024-3239 PostX < 4.0.2 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.0.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Si...

AI score 5.8 | EPSS 0.00292
Exploits: 2 | References: 1

WPVulnDB
added 2024/04/25 12:0 a.m. | 23 views

Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX < 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description: The Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.5 | AI score 7.8 | EPSS 0.00197
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/10/26 12:0 a.m. | 18 views

WordPress News & Blog Designer Pack – WordPress Blog Plugin Plugin <= 3.4.1 is vulnerable to Remote Code Execution (RCE)

Software: News & Blog Designer Pack – WordPress Blog Plugin | Type: Plugin | Vulnerable versions: = 3.4.1 | Fixed in: 3.4.2 | OWASP Top 10: A1: Injection | Classification: Remote Code Execution RCE | CVE: CVE-2023-5815 | Patch priority: High | CVSS severity: High 10 | Developer: Claim ownership | PSID: 968958ed229c | Credits...

CVSS 9.8 | AI score 7.1 | EPSS 0.49165
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/05/31 2:40 a.m. | 14 views

CVE-2023-2435 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

CVSS 7.2 | AI score 7.6 | EPSS 0.01646
Exploits: 0 | References: 3

Vulnrichment
added 2023/05/31 2:40 a.m. | 6 views

CVE-2023-2435 Blog-in-Blog <= 2.0.0 - Authenticated (Editor+) Local File Inclusion via Shortcode

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files...

CVSS 7.2 | AI score 7.7 | EPSS 0.01646
Exploits: 0 | References: 3

CVE
added 2023/05/31 2:40 a.m. | 43 views

CVE-2023-2435

CVE-2023-2435 affects the Blog-in-Blog WordPress plugin, with Local File Inclusion via a shortcode attribute in versions up to 1.1.1. The issue allows editor-level+ attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls and leading to code execut...

CVSS 7.2 | AI score 7.7 | EPSS 0.01646
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2023/05/31 12:0 a.m. | 7 views

WordPress Blog-in-Blog Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software: Blog-in-Blog | Type: Plugin | Vulnerable versions: = 1.1.1 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-2436 | Patch priority: Low | CVSS severity: Low 5.9 | Developer: Claim ownership | PSID: 428c3703ad1d | Credits: Lana Codes | Required privilege...

CVSS 5.5 | AI score 6 | EPSS 0.00303
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2022/05/23 7:16 p.m. | 2 views

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting XSS vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur...

CVSS 5.4 | AI score 6 | EPSS 0.00346
Exploits: 1 | References: 3

CVE
added 2022/05/23 6:4 p.m. | 68 views

CVE-2021-42233

CVE-2021-42233 describes a stored XSS vulnerability in the WonderCMS Simple Blog plugin (version 3.4.1). The issue occurs when a user views a specific blog post hosted on an attacker’s site, allowing the attacker to inject script via vulnerable blog content. The public documentation consistently ...

CVSS 5.4 | AI score 5.1 | EPSS 0.00346
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/05/17 2:45 a.m. | 13 views

GHSA-MXFV-C8P8-QW5H baserCMS Cross-site Scripting vulnerability

Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.3 | EPSS 0.00235
Exploits: 0 | References: 5

Github Security Blog
added 2022/05/13 1:24 a.m. | 17 views

October CMS - RainLab Blog Plugin XSS

The RainLab Blog Plugin used in October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page...

CVSS 6.1 | AI score 6.2 | EPSS 0.01085
Exploits: 3 | References: 5 | Affected Software: 1

OSV
added 2021/08/27 7:15 p.m. | 11 views

CVE-2020-18998

Cross Site Scripting XSS in Blogmini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'...

CVSS 6.1 | AI score 6.8
Exploits: 0 | References: 1

CVE
added 2021/08/27 6:16 p.m. | 39 views

CVE-2020-18998

CVE-2020-18998 affects Blog_mini v1.0 through the vulnerable path /admin/custom/blog-plugin/add where a cross-site scripting (XSS) flaw enables remote attackers to execute arbitrary code. This is supported by multiple sources (NVD/NVD-derived entries, CNVD, OSV, Red Hat advisory) describing the s...

CVSS 6.1 | AI score 6.2 | EPSS 0.00463
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/04/27 2:29 p.m. | 10 views

CVE-2019-11565

Server Side Request Forgery SSRF exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter...

CVSS 9.8 | AI score 9.6 | EPSS 0.02388
Exploits: 1 | References: 5