Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...

CVE-2024-43349

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.19...

CVE-2024-43349 WordPress All Bootstrap Blocks plugin <= 1.3.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.19...

CVE-2024-43349 WordPress All Bootstrap Blocks plugin <= 1.3.19 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in allbootstrapblocks All Bootstrap Blocks all-bootstrap-blocks.This issue affects All Bootstrap Blocks: from n/a through = 1.3.19...

CVE-2024-43349

CVE-2024-43349 is an XSS vulnerability in All Bootstrap Blocks for WordPress (vulnerable before 1.3.19). Root cause: improper neutralization of input during web page generation, enabling stored XSS. CVSSv3.1 base score 6.5 (Network, Low attack complexity, User interaction required, Privileges Low...

WordPress plugin All Bootstrap Blocks 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress All Bootstrap Blocks plugin <= 1.3.19 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by NGÔ THIÊN AN Patchstack Alliance in WordPress Plugin All Bootstrap Blocks versions = 1.3.19...

WordPress All Bootstrap Blocks Plugin <= 1.3.19 is vulnerable to Cross Site Scripting (XSS)

Software All Bootstrap Blocks Type Plugin Vulnerable versions = 1.3.19 Fixed in 1.3.20 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43349 Patch priority Low CVSS severity Low 6.5 Developer AREOI PSID 1ee70b8e314c Credits Ngô Thiên An ancorn from VNPT-VCI Require...

CVE-2024-43140

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4...

CVE-2024-43140 WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ultimate Bootstrap Elements for Elementor: from n/a through 1.4.4...

WordPress plugin Ultimate Bootstrap Elements for Elementor 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

CVE-2024-7412

The No Update Nag plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.12. This is due to the plugin allowing direct access to the bootstrap.php file which has displayerrors on. This makes it possible for unauthenticated attackers to retrieve the fu...

CVE-2024-7382

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

Subscription Health Dashboard Update: Optimize Deployments and Identify Issues

For VM teams navigating the complex realm of cybersecurity tools, ensuring deployment health is paramount. Swift methods are required to pinpoint issues amidst complexity. Challenges such as duplicate entries, ghost hosts, and decommissioned devices can obstruct these views, hindering data...

CVE-2024-7382 Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure

The Linkify Text plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.1. This is due to the plugin utilizing bootstrap and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of th...

CVE-2024-7382

CVE-2024-7382 concerns the Linkify Text WordPress plugin. The vulnerability is a Full Path Disclosure in all versions up to and including 1.9.1, caused by the plugin using Bootstrap and leaving test files with display_errors enabled. This allows unauthenticated attackers to retrieve the web app’s...

PT-2024-38328 · WordPress · No Update Nag

Name of the Vulnerable Software and Affected Versions: No Update Nag plugin for WordPress versions up to, and including, 1.4.12 Description: The issue allows unauthenticated attackers to retrieve the full path of the web application, which can aid other attacks. This is due to the plugin allowing...

Malicious code in react-bs4 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 78bc438299611b89dd8a16ca1b19661e9606898bbc7c61bebd4bfd59fe8c3134 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by 4rCanJ0x! Patchstack Alliance in WordPress Plugin Ultimate Bootstrap Elements for Elementor versions = 1.4.4...

WordPress Ultimate Bootstrap Elements for Elementor Plugin <= 1.4.4 is vulnerable to Local File Inclusion

Software Ultimate Bootstrap Elements for Elementor Type Plugin Vulnerable versions = 1.4.4 Fixed in 1.4.5 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-43140 Patch priority Low CVSS severity Low 7.5 Developer Claim ownership PSID 5eacd8a2c878 Credits...