18 matches found
EUVD-2022-51849
Malicious code in bioql PyPI...
EUVD-2024-32527
Malicious code in bioql PyPI...
EUVD-2023-33835
Malicious code in bioql PyPI...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
CVE-2024-3961 affects the ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages WordPress plugin up to version 2.4.9. The vulnerability arises from a missing capability check in the tag_subscriber function, enabling unauthenticated attackers to subscribe users to tags, pot...
WordPress ConvertKit plugin <= 2.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 1337Wannabe in WordPress Plugin ConvertKit versions = 2.4.9...
WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability
Email Disclosure in Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin ConvertKit versions = 2.4.5...
WordPress ConvertKit Plugin < 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software ConvertKit Type Plugin Vulnerable versions 2.2.1 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2337 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6af91863e6ee Credits Erwan LR WPScan Required...
CVE-2023-2337
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2337 ConvertKit < 2.2.1 - Reflected XSS
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress plugin ConvertKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18925 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.2.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute. This could b...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
WordPress plugin ConvertKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14590 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.0.5 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. This ...