27 matches found
EUVD-2014-4643
Malware in sbrugna...
EUVD-2021-34234
Malicious code in bioql PyPI...
EUVD-2024-49427
Malicious code in bioql PyPI...
CVE-2024-8799
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-8799
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
CVE-2024-8799
CVE-2024-8799 affects the WordPress plugin Custom Banners (versions ≤ 3.3), enabling unauthenticated Reflected Cross-Site Scripting via add_query_arg usage without proper escaping. Root cause: URL handling weakness in the plugin enables injection in pages executed by users; impact is reflected XS...
WordPress Custom Banners plugin <= 3.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Custom Banners versions = 3.3...
WordPress Custom Banners Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)
Software Custom Banners Type Plugin Vulnerable versions = 3.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8799 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID cfcbb86b25ba Credits vgo0 Required privilege...
WordPress plugin Custom Banners 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
CVE-2021-4407
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
CVE-2021-4407
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
Cross site request forgery (csrf)
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
CVE-2021-4407 Custom Banners <= 3.2.2 - Cross-Site Request Forgery Bypass
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
CVE-2021-4407
The CVE-2021-4407 issue affects the Custom Banners WordPress plugin, where Cross-Site Request Forgery is possible due to missing/incorrect nonce validation in saveCustomFields(). Versions up to and including 3.2.2 are affected. Attackers without authentication could cause changes by tricking an a...
CVE-2021-4407
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
WordPress Plugin Custom Banners 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-12519 · WordPress · Custom Banners
Name of the Vulnerable Software and Affected Versions: Custom Banners plugin for WordPress versions up to and including 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the saveCustomFields function. This allows unauthenticated...
WordPress Custom Banners plugin <= 3.2.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by WPScan Team in WordPress Custom Banners plugin versions = 3.2.2. Solution Update the WordPress Custom Banners plugin to the latest available version at least 3.3...
Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields
The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 PoC Send a request without the...
Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields
The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 Send a request without the my-custom-fieldswpnonc...