14 matches found
EUVD-2023-34080
Malicious code in bioql PyPI...
CVE-2023-2606
The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2606
The CVE refers to WP Brutal AI, a WordPress plugin, with versions before 2.06 vulnerable to Stored XSS due to incomplete sanitisation/escaping of settings. Affected: WP Brutal AI plugin for WordPress; root cause: improper sanitisation/escaping of settings; impact: stored XSS that could be exploit...
WordPress plugin WP Brutal AI cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WP Brutal AI Plugin < 2.06 is vulnerable to Cross Site Scripting (XSS)
Software: WP Brutal AI; Type: Plugin; Vulnerable versions: 2.06; Fixed in: 2.06; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2606; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: 658179337e78; Credits: Taurus Omar; Required privilege...
WordPress WP Brutal AI Cross Site Scripting
Title: WordPress Plugin WP Brutal AI 2.0.1 - Admin + Reflected XSS References: CVE-2023-2605 Author: Taurus Omar Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logge...
WordPress WP Brutal AI Cross Site Scripting
Title: WordPress Plugin WP Brutal AI " 3. Save the changes to trigger XSS. Classification: Type XSS OWASP top 10 A7: Cross-Site Scripting XSS CWE-79 wpScan: https://wpscan.com/vulnerability/62deb3ed-a7e4-4cdc-a615-cad2ec2e1e8f...
WordPress WP Brutal AI Cross Site Request Forgery / SQL Injection
Title: WordPress Plugin WP Brutal AI 2.0.0 - SQL Injection via CSRF References: CVE-2023-2601 Author: Taurus Omar Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. Affects Plugin...
CVE-2023-2605 WP Brutal AI < 2.0.1 - Admin+ Reflected XSS
The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high-privilege users such as admin...
WordPress plugin WP Brutal AI SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exists i...
WordPress plugin WP Brutal AI cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
WordPress WP Brutal AI Plugin < 2.0.0 is vulnerable to SQL Injection
Software: WP Brutal AI; Type: Plugin; Vulnerable versions: 2.0.0; Fixed in: 2.0.0; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2601; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: f38258806195; Credits: Taurus Omar; Required privilege: Administrator; Published ...
WordPress WP Brutal AI Plugin < 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software: WP Brutal AI; Type: Plugin; Vulnerable versions: 2.0.1; Fixed in: 2.0.1; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-2605; Patch priority: Low; CVSS severity: Low 5.9; Developer: Claim ownership; PSID: de920688e9b7; Credits: Taurus Omar; Required privileg...