47 matches found
EUVD-2022-51735
Malicious code in bioql PyPI...
EUVD-2024-23229
Malicious code in bioql PyPI...
EUVD-2024-43384
Malicious code in bioql PyPI...
EUVD-2022-51734
Malicious code in bioql PyPI...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through <= 2.5.7...
CVE-2022-4385
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user with roles as low as Subscriber to update the menu order...
CVE-2024-27196
Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-49321 WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Simple Custom Post Order: from n/a through <= 2.5.7...
CVE-2024-49321
CVE-2024-49321 concerns Colorlib Simple Custom Post Order (WordPress plugin) with a Missing Authorization vulnerability in versions 2.5.7 and earlier. The issue allows broken access control at the plugin level, enabling unauthorized access due to incorrectly configured security levels (privileges...
WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad (Patchstack) in WordPress Plugin Simple Custom Post Order versions <= 2.5.7...
WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control
Software: Simple Custom Post Order; Type: Plugin; Vulnerable versions: <= 2.5.7; Fixed in: 2.5.8; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-49321; Patch priority: Low; CVSS severity: Low (4.3); PSID: 0c22de4a69ef; Credits: Rafie Muhammad...
CVE-2024-27196
Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196
CVE-2024-27196 affects the WordPress plugin postMash – custom post order (versions up to and including 1.2.0). Public docs describe a Reflected XSS vulnerability in that plugin. Core details in connected sources specify affected product/version and the nature of the vulnerability (Reflected XSS);...
CVE-2024-27196 WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0...
PT-2024-21732 · WordPress · Postmash
Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier. Description: The issue is a Cross Site Scripting (XSS) vulnerability, specifically a Reflected XSS, in the postMash – custom post order plugin. This type of vulnerability allows an attacke...
CVE-2024-25927
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-25927 WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0...