EUVD-2024-51355

Malicious code in bioql PyPI...

WordPress WP Projects Portfolio with Client Testimonials plugin <= 3.0 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin WP Projects Portfolio versions = 3.0...

WordPress WP Projects Portfolio with Client Testimonials plugin <= 3.0 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin WP Projects Portfolio versions = 3.0...

CVE-2024-13115

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-13114

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2024-13114 WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...