11 matches found
EUVD-2024-17445
Malicious code in bioql PyPI...
CVE-2024-1711
The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-37495
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through = 1.9.7...
CVE-2024-37495 WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mischiefmarmot Create by Mediavine mediavine-create.This issue affects Create by Mediavine: from n/a through = 1.9.7...
CVE-2024-37495 WordPress Create by Mediavine plugin <= 1.9.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mediavine Create by Mediavine allows Stored XSS.This issue affects Create by Mediavine: from n/a through 1.9.7...
WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software Create by Mediavine Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37495 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID 4b868863b41e Credits LVT-tholv2k Required privilege Contribut...
CVE-2024-5601 Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software Create by Mediavine Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5601 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID ca91d82db3a3 Credits Krzysztof Zając Required...
CVE-2024-1711 Create by Mediavine <= 1.9.4 - Unauthenticated SQL Injection via 'id'
The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-1711
The CVE-2024-1711 vulnerability affects the Create by Mediavine WordPress plugin (versions up to and including 1.9.4). It enables unauthenticated SQL Injection via the id parameter due to insufficient escaping and lack of proper query preparation, allowing an attacker to inject additional SQL and...
PT-2024-18242 · Mediavine · Create By Mediavine Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Create by Mediavine plugin for WordPress versions up to, and including, 1.9.4 Description: The issue allows for SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation ...