18 matches found
EUVD-2024-32527
Malicious code in bioql PyPI...
EUVD-2023-33835
Malicious code in bioql PyPI...
EUVD-2022-51849
Malicious code in bioql PyPI...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tagsubscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
CVE-2024-3961
CVE-2024-3961 affects the ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages WordPress plugin up to version 2.4.9. The vulnerability arises from a missing capability check in the tag_subscriber function, enabling unauthenticated attackers to subscribe users to tags, pot...
WordPress ConvertKit plugin <= 2.4.9 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by 1337Wannabe in WordPress Plugin ConvertKit versions = 2.4.9...
WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability
Email Disclosure in Log File vulnerability discovered by Joshua Chan Patchstack Alliance in WordPress Plugin ConvertKit versions = 2.4.5...
WordPress ConvertKit Plugin < 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software ConvertKit Type Plugin Vulnerable versions 2.2.1 Fixed in 2.2.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2337 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 6af91863e6ee Credits Erwan LR WPScan Required...
CVE-2023-2337
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2337 ConvertKit < 2.2.1 - Reflected XSS
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
PT-2023-18925 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.2.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute. This could b...
WordPress plugin ConvertKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
WordPress plugin ConvertKit 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14590 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.0.5 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins. This ...