15 matches found
EUVD-2024-45589
Malicious code in bioql PyPI...
CVE-2024-51655
Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...
CVE-2024-51655
Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...
CVE-2024-51655
CVE-2024-51655 is a CSRF to Stored XSS vulnerability in the WordPress plugin Custom Author URL (versions
CVE-2024-51655 WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...
CVE-2024-51655 WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in microkid Custom Author URL author-slug allows Stored XSS.This issue affects Custom Author URL: from n/a through = 2.0.1...
WordPress plugin Custom Author URL 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress Custom Author URL plugin <= 2.0.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Custom Author URL versions = 2.0.1...
WordPress Custom Author URL Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Custom Author URL Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-51655 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID c966f24d37c5 Credits SOPROBRO Required...
CVE-2023-1614
The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1614 WP Custom Author URL < 1.0.5 - Admin+ Stored XSS
The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1614
CVE-2023-1614 affects the WordPress plugin WP Custom Author URL (pre-1.0.5). The vulnerability stems from insufficient sanitization/escaping of certain plugin settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public deta...
PT-2023-17119 · WordPress · Wp Custom Author Url
Name of the Vulnerable Software and Affected Versions: WP Custom Author URL WordPress plugin versions prior to 1.0.5 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...
WordPress WP Custom Author URL Plugin < 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Custom Author URL Type Plugin Vulnerable versions 1.0.5 Fixed in 1.0.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1614 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 759b597f5797 Credits Shreya Pohekar Requir...
WP Custom Author URL < 1.0.5 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. 1. Login as Admin. 2. Go to...