22 matches found
CVE-2026-0743
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0743
CVE-2026-0743 (WP Content Permission plugin for WordPress) is a Stored Cross-Site Scripting vulnerability affecting versions up to 1.2. The flaw arises from insufficient input sanitization and output escaping in the ohmem-message parameter, enabling an authenticated attacker with Administrator-le...
CVE-2026-0743 WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0743
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-0743 WP Content Permission <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-5406
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin WP Content Permission 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-6021
Name of the Vulnerable Software and Affected Versions WP Content Permission versions prior to 1.3 Description The WP Content Permission plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the ohmem-message...
WordPress WP Content Permission plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'ohmem-message' Parameter vulnerability discovered by 0x34rth in WordPress Plugin WP Content Permission versions = 1.2...
Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117
This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...
EUVD-2022-5465
Malicious code in bioql PyPI...
Paragraphs table - Critical - Access bypass, Information Disclosure - SA-CONTRIB-2024-036
This module enables field collections to be displayed as tables. It supports display suite and field permissions and provides operations modify, delete, duplicate. This module has multiple vulnerabilities due to the requirements on the routes it provides not being restrictive enough. Information...
DRUPAL-CONTRIB-2024-029
The Opigno Learning Path module enables you to manage group content. Administrative forms allow uploading malicious files which may contain arbitrary code RCE or cross site scriptiong XSS. These forms were not adequately controlled with permissions that communicate the severity of the permission...
DRUPAL-CONTRIB-2023-040
The Data Field module provides a way of building field types that are made up of other fields, a simpler alternative to e.g. the Paragraphs system. Access to these forms isn't properly validated, allowing a user with the "access content" permission to view and edit fields on entities...
DRUPAL-CONTRIB-2023-020
This module enables you to define a 'weekly office hours' field type, and add a field to any Content type, in order to display the weekly opening hours for a location. The module doesn't sufficiently filter user-supplied text leading to a Cross Site Scripting XSS vulnerability. This vulnerability...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from a lack of permission checking in Content, which could potentially check for the presence of a given account on the device, whi...
View Content Permission Set not Complete.
The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permisisons have been attached to a Page. 1 Create a new page 2 Assign a View restriction for 1 group 3 Assign View...
View Content Permission Set not Complete.
The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permisisons have been attached to a Page. 1 Create a new page 2 Assign a View restriction for 1 group 3 Assign View...
View Content Permission Set not Complete.
The Content Permission Set returned from the method getViewContentPermissions is incomplete. It appears to only contain a single ContentPermission object regardless of how many View permisisons have been attached to a Page. 1 Create a new page 2 Assign a View restriction for 1 group 3 Assign View...
CVE-2012-1660
Multiple cross-site scripting XSS vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select or other" module is enabled, allow remote authenticated users with the create webform content permission to inject...