7703 matches found
CVE-2023-5291
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
Cross site scripting
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5291 Blog Filter <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5291
CVE-2023-5291 affects the WordPress plugin Blog Filter. The vulnerability is a Stored XSS in the AWL-BlogFilter shortcode, arising from insufficient input sanitization and output escaping on user-supplied shortcode attributes. Impact is limited to authenticated users with contributor-level permis...
WordPress Plugin Blog Filter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-32012 · WordPress · Blog Filter
Name of the Vulnerable Software and Affected Versions: Blog Filter plugin for WordPress versions up to, and including, 1.5.3 Description: The issue is related to Stored Cross-Site Scripting via the 'AWL-BlogFilter' shortcode due to insufficient input sanitization and output escaping on...
WordPress Blog Filter Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Blog Filter; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.5.4; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5291; Patch priority: Low; CVSS severity: Low 6.5; PSID: 61a563234154; Credits: Lana Codes; Required privileg...
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217
Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined...
CVE-2023-5295
The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-2023-5295
CVE-2023-5295 affects the WordPress plugin Blog Filter (up to version 1.4). Root cause: insufficient input sanitization and output escaping on user-supplied attributes in the vivafbcomment shortcode, allowing stored Cross-Site Scripting. Exploitation requires at least contributor-level authentica...
WordPress plugin Blog Filter Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-32016 · WordPress · Blog Filter
Name of the Vulnerable Software and Affected Versions: The Blog Filter plugin for WordPress versions up to, and including, 1.4 Description: The issue is related to Stored Cross-Site Scripting via the 'vivafbcomment' shortcode due to insufficient input sanitization and output escaping on...
CVE-2023-43381
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php...
Sql injection
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php...
Tianchoy Blog SQL Injection Vulnerability
Tianchoy Blog is a blog site for Tianchoy's personal developers. A SQL injection vulnerability exists in Tianchoy Blog version v.1.8.8, which allows remote attackers to obtain sensitive information via the id parameter in login.php...