47 matches found
EUVD-2022-51734
Malicious code in bioql PyPI...
EUVD-2024-23229
Malicious code in bioql PyPI...
EUVD-2022-51735
Malicious code in bioql PyPI...
EUVD-2024-43384
Malicious code in bioql PyPI...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
CVE-2024-49321
CVE-2024-49321 concerns Colorlib Simple Custom Post Order (WordPress plugin) with a Missing Authorization vulnerability in versions 2.5.7 and earlier. The issue allows broken access control at the plugin level, enabling unauthorized access due to incorrectly configured security levels (privileges...
CVE-2024-49321 WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Simple Custom Post Order versions = 2.5.7...
WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control
Software Simple Custom Post Order Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49321 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c22de4a69ef Credits Rafie Muhammad...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196
CVE-2024-27196 affects the WordPress plugin postMash – custom post order (versions up to and including 1.2.0). Public docs describe a Reflected XSS vulnerability in that plugin. Core details in connected sources specify affected product/version and the nature of the vulnerability (Reflected XSS);...
CVE-2024-27196 WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
PT-2024-21732 · WordPress · Postmash
Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier Description: The issue is a Cross Site Scripting XSS vulnerability, specifically a Reflected XSS, in the postMash – custom post order plugin. This type of vulnerability allows an attacke...
CVE-2024-25927
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-25927 WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...