WordPress plugin Simple Author Box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
Multiple Themes - Reflected XSS
Description: The themes suffer from the same issue: the search box reflects the results, causing XSS, which allows an unauthenticated attacker to exploit users if they click a malicious link. PoC: https://example.com/?s=katana/asd/...
PT-2023-23939 · Cyberpower · Cyberpower Powerpanel Enterprise
Name of the Vulnerable Software and Affected Versions: CyberPower PowerPanel Enterprise (affected versions not specified). Description: A non-feature complete authentication mechanism exists in the production application, allowing an attacker to bypass all authentication checks if LDAP authenticatio...
AYS Popup Box Plugin for WordPress < 3.1.3 Cross-Site Scripting
The WordPress AYS Popup Box Plugin installed on the remote host is affected by a Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
VulnCheck KEV: CVE-2021-4332
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 pro and 2.0.6 free. The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately,...
Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
GHSA-GCH5-HWQF-MXHP Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
CVE-2022-31455
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box...
RUSTSEC-2023-0048 Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
CVE-2023-3862
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be...
CVE-2023-3862
The CVE-2023-3862 issue affects Travelmate Travelable Trek Management Solution 1.0, specifically the Comment Box Handler component. The vulnerability is a Cross-Site Scripting flaw triggered by manipulating the comment parameter, with remote exposure and a high attack complexity. Exploitation is ...
PT-2023-26534 · Unknown · Travelmate Travelable Trek Management Solution
Name of the Vulnerable Software and Affected Versions: Travelmate Travelable Trek Management Solution version 1.0. Description: A vulnerability was found in the component Comment Box Handler of the Travelmate Travelable Trek Management Solution. The manipulation of the comment argument leads to...
Travelmate Travelable Trek Management Solution cross-site scripting vulnerability
Travelmate Travelable Trek Management Solution is a business travel software from Travelmate, Inc. A cross-site scripting vulnerability exists in version 1.0 of Travelmate Travelable Trek Management Solution, which originates from an unknown function in the component Comment Box Handler that caus...
CVE-2023-34625
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time...
WordPress Simple Author Box Plugin <= 2.3.22 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Author Box; Type: Plugin; Vulnerable versions: <= 2.3.22; Fixed in: 2.4; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: WebFactory Ltd.; PSID: a31be070f305; Credits: Rafie Muhammad Patchstack; Required...
WordPress Cool Author Box - For Widget and Post Content Plugin <= 2.9.5 is vulnerable to Cross Site Scripting (XSS)
Software: Cool Author Box - For Widget and Post Content; Type: Plugin; Vulnerable versions: <= 2.9.5; Fixed in: 2.9.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 965a0456c07b; Credits...