CVE-2023-4035 Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4036
The CVE-2023-4036 issue affects the Simple Blog Card WordPress plugin (versions before 1.32). Affected behavior: the plugin does not ensure that posts shown via its shortcode are public, allowing any authenticated user (e.g., a subscriber) to retrieve post titles and content, including drafts, pr...
CVE-2023-4035
CVE-2023-4035 affects the Simple Blog Card WordPress plugin prior to 1.31. Public docs indicate insufficient validation/escaping of shortcode attributes, enabling Stored XSS when a user with Contributor+ privileges embeds the shortcode (example provided). Impact is stored XSS in pages/posts where...
WordPress plugin Simple Blog Card security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2023-27410 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: Simple Blog Card WordPress plugin version 1.32 and earlier Description: The issue allows any authenticated user to retrieve arbitrary post titles and their content, including drafts, private posts, and password-protected ones, because the...
PT-2023-27407 · WordPress · Simple Blog Card
Name of the Vulnerable Software and Affected Versions: The Simple Blog Card WordPress plugin versions prior to 1.31 Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...
WordPress plugin Simple Blog Card cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2023-39650
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single...
SQL injection
Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single...
PerfreeBlog code issue vulnerability
PerfreeBlog is a Java-based blog/CMS builder. A security vulnerability exists in Perfree PerfreeBlog version v.3.1.2 that allows remote attackers to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...
PrestaShop Theme Volty SQL injection vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts, product image zoom and other features. A security vulnerability exists in PrestaShop Theme Volty CMS Blog prior to v4.0.1, which stems from t...
PT-2023-27655 · Perfree · Perfreeblog
Name of the Vulnerable Software and Affected Versions: Perfree PerfreeBlog version 3.1.2 Description: An issue in Perfree PerfreeBlog allows a remote attacker to execute arbitrary code via a crafted plugin listed in "admin/plugin/access/list". Recommendations: For Perfree PerfreeBlog version 3.1....
CVE-2023-39650
The CVE-2023-39650 entry corresponds to a SQL injection in the PrestaShop Theme Volty CMS Blog module (tvcmsblog) up to version 4.0.1, exploitable via the id parameter at /tvcmsblog/single. The nuclei template confirms the vulnerability in tvcmsblog up to 4.0.1 and describes impact as arbitrary S...
Beyond Cold Calls: Ringless Voicemail As A Personalized Customer Engagement Tool
By Owais Sultan. Ringless voicemail (RVM) is a technology that allows businesses to deliver pre-recorded messages directly to a customer's voicemail inbox without their phone ringing. This is a post from HackRead.com. Read the original post: Beyond Cold Calls: Ringless Voicemail As A Personalized...
CVE-2023-3893
| creationtimestamp | type | source |
|---|---|---|
| 2023-08-24 08:20:12+00:00 | seen | https://t.me/ctinow/132601 |
| 2023-09-13 16:55:52+00:00 | seen | https://t.me/KomunitiSiber/787 |
| 2023-09-13 18:29:02+00:00 | seen | Telegram/Eqz54UavaIWHVUW9FJ7x8kPgHx309M56ivVEiN1xHvAsg |
| 2023-09-14 15:21:47+00:00 | seen | ... |
Behind the eight-ball: Why companies struggle with penetration risk
An introduction to a new blog series spotlighting Coalfire's upcoming 5th Annual Penetration Risk report...
Akamai World Tour 2023: Let’s Connect on Security and Cloud Innovation
...
PT-2023-26674 · Berkaygediz · Oblog
Name of the Vulnerable Software and Affected Versions: berkaygediz O Blog version 1.0 Description: The issue allows a local attacker to escalate privileges via the secure file priv component. This is a SQL injection vulnerability. Recommendations: For berkaygediz O Blog version 1.0, consider...