28 matches found
EUVD-2021-11646
Malware in sbrugna...
EUVD-2021-11647
Malware in sbrugna...
EUVD-2022-51877
Malicious code in bioql PyPI...
EUVD-2024-26891
Malicious code in bioql PyPI...
EUVD-2024-53076
Malicious code in bioql PyPI...
CVE-2024-29917
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9...
CVE-2022-4542
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2021-24734
The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24735
The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...
CVE-2024-56279
Server-Side Request Forgery (SSRF) vulnerability in mra13 Compact WP Audio Player (compact-wp-audio-player) allows Server Side Request Forgery. This issue affects Compact WP Audio Player: from n/a through <= 1.9.14...
CVE-2024-56279
CVE-2024-56279 is a Server-Side Request Forgery (SSRF) vulnerability in Compact WP Audio Player (WordPress plugin) affecting versions up to 1.9.14. The issue is rated CVSS v3.1 base score 6.4 (Medium). Public records indicate the vulnerability is present in the plugin and has been addressed in pa...
WordPress Compact WP Audio Player plugin <= 1.9.14 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by theviper17 (Patchstack Alliance) in WordPress Plugin Compact WP Audio Player versions <= 1.9.14...
WordPress Compact WP Audio Player Plugin <= 1.9.13 is vulnerable to Cross Site Scripting (XSS)
Software: Compact WP Audio Player; Type: Plugin; Vulnerable versions: <= 1.9.13; Fixed in: 1.9.14; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-10176; Patch priority: Low; CVSS severity: Low (6.5); PSID: 039bee66f701; Credits: theviper17y...
CVE-2024-29917 WordPress Compact WP Audio Player plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9...
CVE-2024-29917
CVE-2024-29917 corresponds to Compact WP Audio Player. Connected sources confirm a stored XSS vulnerability in Compact WP Audio Player, exploitable via fileurl with authenticated access. Affected range includes 1.9.9 and earlier. The Wordfence entry indicates the issue has a patch status of Patch...
CVE-2024-29917 WordPress Compact WP Audio Player plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Compact WP Audio Player allows Stored XSS. This issue affects Compact WP Audio Player: from n/a through 1.9.9...
WordPress Compact WP Audio Player Plugin <= 1.9.9 is vulnerable to Cross Site Scripting (XSS)
Software: Compact WP Audio Player; Type: Plugin; Vulnerable versions: <= 1.9.9; Fixed in: 1.9.10; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29917; Patch priority: Low; CVSS severity: Low (6.5); PSID: d586fd4df20f; Credits: LVT-tholv2k; Required privileg...
Cross site scripting
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4542
The CVE-2022-4542 issue affects the Compact WP Audio Player WordPress plugin prior to version 1.9.8. It arises from not validating and escaping certain shortcode attributes before output, allowing a user with as little as Contributor privileges to perform Stored XSS against higher-privilege users...
CVE-2022-4542 Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...