14 matches found
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
EUVD-2022-15416
Malicious code in bioql PyPI...
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
CVE-2022-28612
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
Improper access control
Improper Access Control vulnerability leading to multiple Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerabilities in Muneeb's Custom Popup Builder plugin = 1.3.1 at WordPress...
Custom Popup Builder <= 1.3.1 - Contributor+ Stored Cross-Site Scripting
The plugin does have proper authorisation in place, and does not sanitise as well as escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks...
WordPress Custom Popup Builde plugin denial of service vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builde plugin prior to 1.3.1,...
CVE-2022-0214
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
Denial of service
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
CVE-2022-0214 Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service
The Custom Popup Builder WordPress plugin before 1.3.1 autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog...
CVE-2022-0214
The CVE-2022-0214 issue affects the WordPress plugin “Custom Popup Builder” prior to v1.3.1. The popup data autoloads on every page and can be populated by unauthenticated input, with length not being validated, enabling a denial of service on the blog. Affected software: WordPress Custom Popup B...
WordPress和WordPress plugin 资源管理错误漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. A denial of service vulnerability exists in versions of the WordPress Custom Popup Builde plugin prior to 1.3.1,...
Popup | Custom Popup Builder < 1.3.1 - Unauthenticated Denial of Service
The plugin autoload data from its popup on every pages, as such data can be sent by unauthenticated user, and is not validated in length, this could cause a denial of service on the blog 1 Create a popup as admin and access the popup page as unauthenticated 2 Send data on the form and intercept t...
WordPress Popup | Custom Popup Builder plugin <= 1.3 - Unauthenticated Denial of Service (DoS) vulnerability
Unauthenticated Denial of Service DoS vulnerability discovered by Felipe de Avila in WordPress Popup | Custom Popup Builder plugin versions = 1.3. Solution Update the WordPress Popup | Custom Popup Builder plugin to the latest available version at least 1.3.1...