17 matches found
EUVD-2023-57991
Malicious code in bioql PyPI...
EUVD-2022-43943
Malicious code in bioql PyPI...
CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description: The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5704
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5704 CPO Shortcodes <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers...
CVE-2023-5704
CVE-2023-5704 refers to the CPO Shortcodes plugin for WordPress (versions
WordPress Plugin CPO Shortcodes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-32277 · WordPress · Cpo Shortcodes
Name of the Vulnerable Software and Affected Versions: CPO Shortcodes plugin for WordPress versions up to, and including, 1.5.0 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticated...
WordPress CPO Shortcodes Plugin <= 1.5.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPO Shortcodes. Type: Plugin. Vulnerable versions: <= 1.5.0. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-5704. Patch priority: Low. CVSS severity: Low (6.4). PSID: 2297e8ebd0f5. Credits: István Márton. Required...
WordPress CPO Shortcodes plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-40672
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress...
CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CPO Shortcodes plugin <= 1.5.0 at WordPress...
CVE-2022-40672
CVE-2022-40672 corresponds to an authenticated (admin+) Stored XSS vulnerability in the WordPress CPO Shortcodes plugin, affecting versions prior to 1.5.0. The core issue is lack of proper filtering/escaping of user-supplied data in the plugin, enabling stored XSS when an admin-user interacts wit...
PT-2022-25470 · WordPress · Cpo Shortcodes
Name of the Vulnerable Software and Affected Versions: CPO Shortcodes plugin versions prior to 1.5.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into t...
WordPress plugin CPO Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CPO Shortcodes <= 1.5.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress CPO Shortcodes plugin (versions <= 1.5.0). Solution: Deactivate and delete. This plugin has been closed as of September 14, 2022 and is not available for download. This closure is...