3642 matches found
CVE-2025-2671
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. Th...
WordPress Amazing service box Addons For WPBakery Page Builder plugin <= 2.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Avraham Shemesh in WordPress Plugin Amazing service box Addons For WPBakery Page Builder versions <= 2.0.0...
CVE-2024-13731
The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13731 Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block
The Alert Box Block – Display notice/alerts in the front end. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Alert Box block in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-13731
CVE-2024-13731 – The Alert Box Block plugin for WordPress (all versions up to 1.1.3) is affected by a Stored XSS due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access and above to inject scripts on...
WordPress plugin Alert Box Block cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin Alert B...
WordPress Alert Box Block – Display notice/alerts in the front end plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by WordFence in WordPress Plugin Alert Box Block – Display notice/alerts in the front end versions <= 1.1.3...
WordPress Fiverr.com Official Search Box plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Abdi Pranata in WordPress Plugin Fiverr.com Official Search Box versions <= 1.0.8...
CVE-2025-2484
The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
A vulnerability in the Bitdefender BOX 1 device for protecting appliances and gadgets stems from a failure to sanitize data at the control level. It allows an attacker to execute arbitrary commands.
A vulnerability in the Bitdefender BOX 1 device for protecting appliances and gadgets stems from a failure to sanitize data at the control level when processing the endpoint /checkimageandtriggerrecovery. Exploiting this vulnerability allows a remote attacker t...
A vulnerability in the HTTP protocol implementation in Bitdefender BOX 1 devices allows an attacker to carry out a "man-in-the-middle" attack.
A vulnerability in the HTTP protocol implementation in Bitdefender BOX 1 devices for device protection involves the transmission of credentials in unencrypted form. Exploiting this vulnerability allows a remote attacker to carry out a "man-in-the-middle" attack...
CVE-2025-2671
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. Th...
CVE-2025-2671 Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. Th...
CVE-2025-2671
CVE-2025-2671 affects Yue Lao Blind Box up to version 4.0. The vulnerability lies in the base64image function of /app/controller/Upload.php, where manipulation of the data parameter leads to unrestricted file uploads. Exploitation is possible remotely, and the exploit has been disclosed publicly....
CVE-2025-2671 Yue Lao Blind Box 月老盲盒 Upload.php base64image unrestricted upload
A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipulation of the argument data leads to unrestricted upload. The attack can be initiated remotely. Th...
Yue Lao Blind Box code issue vulnerability
Yue Lao Blind Box 月老瞎盒 is a take-off program by imsue individual developers. A code issue vulnerability exists in Yue Lao Blind Box version 4.0 and prior versions, which stems from an incorrect manipulation of the parameter data that can lead to unlimited uploads...
CVE-2025-2484
The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-2484 Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters
The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...
CVE-2025-2484
CVE-2025-2484 : The WordPress plugin Multi Video Box is affected by a Reflected Cross-Site Scripting (XSS) in the parameters video_id and group_id for all versions up to and including 1.5.2. The vulnerability arises from insufficient input sanitization and output escaping, enabling unauthenticate...
CVE-2025-2484 Multi Video Box <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters
The Multi Video Box plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'video_id' and 'group_id' parameters in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...