3642 matches found
WordPress Popup Box plugin < 4.7.8 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Popup box versions 4.7.8...
FlowPure: Continuous Normalizing Flows for Adversarial Purification
Despite significant advancements in the area, adversarial robustness remains a critical challenge in systems employing machine learning models. The removal of adversarial perturbations at inference time, known as adversarial purification, has emerged as a promising defense strategy. To achieve...
PT-2025-22038 · Unknown · Lloyd Saunders Author Box After Posts
Name of the Vulnerable Software and Affected Versions: Lloyd Saunders Author Box After Posts versions 1.6 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks...
PT-2025-22029 · WordPress · Sanjeev Mohindra Author Box Plugin With Different Description
Name of the Vulnerable Software and Affected Versions: Sanjeev Mohindra Author Box Plugin With Different Description versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows Cross Site Request Forgery. Recommendations: For Sanjeev Mohindra...
Traceable Black-Box Watermarks for Federated Learning
Whitepaper called Traceable Black-Box Watermarks For Federated Learning...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9599
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Nokaut Offers Box plugin <= 1.4.0 - Plugin Reset via CSRF vulnerability
Plugin Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Nokaut Offers Box versions = 1.4.0...
CVE-2024-9599
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9599
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9599 Popup Box < 4.7.8 - Admin+ Stored XSS
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9599 Popup Box < 4.7.8 - Admin+ Stored XSS
The Popup Box WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9599
CVE-2024-9599 affects the WordPress Popup Box plugin prior to version 4.7.8. The vulnerability stems from not sanitising/escaping certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., in multisite). CVSSv3.1 base score 5.4 (Med...
CVE-2024-10632
The CVE-2024-10632 entry concerns the Nokaut Offers Box WordPress plugin (versions 1.4.0 and earlier). The underlying issue is that the plugin does not sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as...
CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...