3642 matches found
CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...
CVE-2024-1204
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...
CVE-2024-1204 Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure
The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts...
WordPress Plugin Meta Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Meta Box – WordPress Custom Fields Framework Plugin < 5.9.4 is vulnerable to Broken Access Control
Software Meta Box – WordPress Custom Fields Framework Type Plugin Vulnerable versions 5.9.4 Fixed in 5.9.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1204 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc7a0ef7141a Credits Sco...
PT-2024-17414 · WordPress · Meta Box
Name of the Vulnerable Software and Affected Versions: Meta Box WordPress plugin versions prior to 5.9.4 Description: The issue allows users with at least the contributor role to access arbitrary custom fields assigned to other user's posts. Recommendations: For versions prior to 5.9.4, update to...
WordPress Gallery Box plugin <= 1.7.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin Gallery Box versions = 1.7.33...
CVE-2024-30879
Reflected Cross Site Scripting XSS vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the boxId parameter in the image cropping function...
WordPress Gallery Box Plugin <= 1.7.33 is vulnerable to Cross Site Request Forgery (CSRF)
Software Gallery Box Type Plugin Vulnerable versions = 1.7.33 Fixed in 1.7.34 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-32110 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f23c5a18d62c Credits Dhabaleshwar Das...
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
WordPress Plugin Popup Like box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Counter Box < 1.2.4 - Counter Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such deleting counters via CSRF attacks Make a logged in admin open an HTML file where ID is a valid ID: action...
PT-2024-24034 · Unknown · Popup Like Box
Name of the Vulnerable Software and Affected Versions: Popup Like box versions 3.7.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject malicious...
Popup Box < 2.2.7 - Popup Deletion via CSRF
Description The plugin does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks PoC Make a logged in admin open an HTML file where ID is a valid ID: action...
CVE-2024-31386
Cross-Site Request Forgery CSRF vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
CVE-2024-31386 Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery CSRF vulnerability in Hidekazu Ishikawa X-T9, Hidekazu Ishikawa Lightning, themeinwp Default Mag, Out the Box Namaha, Out the Box CityLogic, Marsian i-max, Jetmonsters Emmet Lite, Macho Themes Decode, Wayneconnor Sliding Door, Out the Box Shopstar!, Modernthemesnet...
WordPress Element Pack Elementor Addons plugin <= 5.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Trailer Box Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Trailer Box Widget vulnerability discovered by Nikolas in WordPress Plugin Element Pack Elementor Addons versions = 5.5.3...
CVE-2024-2185
The Beaver Builder Addons by WPZOOM plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2138
The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animated Box widget in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...