WordPress plugin WooCommerce Box Office Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-12459 · Woocommerce · Woocommerce Box Office
Name of the Vulnerable Software and Affected Versions: WooCommerce Box Office versions 1.1.51 and earlier Description: The issue is related to a Missing Authorization vulnerability in Woo WooCommerce Box Office. This vulnerability affects the authorization mechanism, potentially allowing...
CVE-2024-35752
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS. This issue affects Stellissimo Text Box: from n/a through 1.1.4...
CVE-2024-35752 WordPress Stellissimo Text Box plugin 1.1.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS. This issue affects Stellissimo Text Box: from n/a through 1.1.4...
CVE-2024-35752
CVE-2024-35752 is a Stored XSS in the Stellissimo Text Box used with Enea Overclokk Stellissimo Text Box. The description notes Improper Neutralization of Input During Web Page Generation and indicates the flaw affects Stellissimo Text Box versions up to 1.1.4 (and possibly earlier “n/a through 1...
WordPress plugin Stellissimo Text Box cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-26706 · Enea · Enea Overclokk Stellissimo Text Box
Name of the Vulnerable Software and Affected Versions: Enea Overclokk Stellissimo Text Box versions through 1.1.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), allowing Stored XSS. This enables attackers t...
WordPress Stellissimo Text Box plugin 1.1.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Cronus (Patchstack Alliance) in WordPress Plugin Stellissimo Text Box versions <= 1.1.4...
CVE-2024-5224
The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2024-5224 Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes...
WordPress Stellissimo Text Box Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Stellissimo Text Box; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35752; Patch priority: Low; CVSS severity: Low (5.9); PSID: 765d260bef25; Credits: Cronus; Required privilege...
WordPress plugin Easy Social Like Box - Popup - Sidebar Widget Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Easy Social Like Box plugin <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Easy Social Like Box – Popup – Sidebar Widget versions <= 4.0...
WordPress Easy Social Like Box – Popup – Sidebar Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Social Like Box – Popup – Sidebar Widget; Type: Plugin; Vulnerable versions: <= 4.0; Fixed in: 4.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5224; Patch priority: Low; CVSS severity: Low (6.5); PSID: 595d5823e3e8; Credit...
Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied...
PT-2024-35136 · WordPress · The Easy Social Like Box – Popup – Sidebar Widget
Name of the Vulnerable Software and Affected Versions: The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress versions up to, and including, 4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'cardoza facebook like box' shortcode due to...
PT-2024-29756 · WordPress · Themesflat Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Themesflat Addons For Elementor plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to Stored Cross-Site Scripting in the Themesflat Addons For Elementor plugin for WordPress. This is due to insufficien...