29 matches found
EUVD-2024-44049
Malicious code in bioql PyPI...
CVE-2024-4426
The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slid...
CVE-2024-4427
The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...
CVE-2024-4422
The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access...
CVE-2024-4427 Comparison Slider <= 1.0.5 - Missing Authorization
The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugi...
CVE-2024-4427
CVE-2024-4427 concerns the WordPress plugin Comparison Slider. The vulnerability exists in all versions up to and including 1.0.5 due to a missing capability check on several AJAX actions. This can allow authenticated attackers with subscriber access or higher to modify data, including plugin s...
CVE-2024-4426
CVE-2024-4426 refers to the WordPress plugin “Comparison Slider” (versions up to and including 1.0.5), where a CSRF vulnerability exists due to missing or incorrect nonce validation on several AJAX actions. This allows unauthenticated attackers to forge requests that can change slider titles, del...
CVE-2024-4422 Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Comparison Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slider title parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access...
WordPress Comparison Slider plugin <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Comparison Slider versions <= 1.0.5...
WordPress Comparison Slider plugin <= 1.0.5 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Comparison Slider versions <= 1.0.5...
WordPress Comparison Slider plugin <= 1.0.5 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Comparison Slider versions <= 1.0.5...
WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: Comparison Slider; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4422; Patch priority: Medium; CVSS severity: Medium (6.5); PSID: 462ab4a14294; Credits: Benedictus Jovan...
WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Broken Access Control
Software: Comparison Slider; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4427; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7f32c9b917a8; Credits: Benedictus Jovan aillesiM...
WordPress Comparison Slider Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Comparison Slider; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4426; Patch priority: Low; CVSS severity: Low (4.3); PSID: f4b5d98aca44; Credits: Benedictus Jovan...