CVE-2024-24865 WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3...
WordPress plugin Author Box, Guest Author and Co-Authors for Your Posts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Scroll Triggered Box Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin Meta Box Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
PT-2024-14994 · WordPress · The Meta Box – WordPress Custom Fields Framework
Name of the Vulnerable Software and Affected Versions: The Meta Box – WordPress Custom Fields Framework plugin versions up to, and including, 5.9.2. Description: The issue is related to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode due to...
WooCommerce Box Office < 1.2.3 - Missing Authorization
Description: The WooCommerce Box Office plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...
Scroll Triggered Box <= 2.3 - Authenticated (Editor+) Stored Cross-Site Scripting
Description: The Scroll Triggered Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above, to injec...
PT-2024-20621 · Unknown · Noah Kagan Scroll Triggered Box
Name of the Vulnerable Software and Affected Versions: Noah Kagan Scroll Triggered Box versions n/a through 2.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacke...
WordPress Scroll Triggered Box Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS)
Software: Scroll Triggered Box; Type: Plugin; Vulnerable versions: <= 2.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-24865; Patch priority: Low; CVSS severity: Low (6.5); PSID: 9586aedeb1e2; Credits: savphill; Required privilege: Editor...
Sql injection
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...
WordPress WooCommerce Box Office Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: WooCommerce Box Office; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24799; Patch priority: Low; CVSS severity: Low (6.5); PSID: 2e62ee904d23; Credits: Rafie Muhammad...
CVE-2022-47072
SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box...
CVE-2022-47072
CVE-2022-47072 affects Sparx Systems Enterprise Architect 16.0.1605 (32-bit). The vulnerability is a SQL injection in the Find parameter of the Select Classifier dialog box, enabling execution of arbitrary SQL commands. Root cause: unsafely handling user-controlled input in the dialog’s Find para...
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: Create/edit a new popup and add the following payload in the Custom Content: Save, and...
Popup Box Pro < 20.9.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. Create/edit a new popup and add the following payload in the Custom Content: alert1; Save,...
Popup Box Pro < 7.9.0 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: Create/edit a new popup and add the following payload in the Custom Content: Save, and...
PT-2024-12146 · Corax · Corax
Name of the Vulnerable Software and Affected Versions: Corax (affected versions not specified). Description: The issue concerns Corax, an extensible edge-coverage-guided grey-box fuzzing framework written in PHP. It is designed to automatically detect and report vulnerabilities for PHP applications,...
CVE-2023-52262
outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...