976 matches found
WordPress WP Custom Fields Search Plugin <= 1.2.35 is vulnerable to Cross Site Scripting (XSS)
Software: WP Custom Fields Search. Type: Plugin. Vulnerable versions: <= 1.2.35. Fixed in: N/A. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2024-8364. Patch priority: Low. CVSS severity: Low (6.5). PSID: 701b94a643a3. Credits: Krzysztof Zając...
CVE-2024-45429
Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the...
CVE-2024-45429
CVE-2024-45429 is a cross-site scripting vulnerability in the WordPress plugins Advanced Custom Fields and Advanced Custom Fields Pro, affecting versions ≤ 6.3.5. The issue arises when an attacker who has the product’s configured capability privilege stores an arbitrary script in a field label, a...
WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
Overview: The field labels in WordPress Plugin "Advanced Custom Fields" provided by WP Engine contain a cross-site scripting vulnerability (CWE-79). Ryo Sotoyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#67963942: WordPress Plugin "Advanced Custom Fields" vulnerable to cross-site scripting
The field labels in WordPress Plugin "Advanced Custom Fields" provided by WP Engine contain a cross-site scripting vulnerability (CWE-79). Impact: If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script ma...
WordPress plugin Advanced Custom Fields and WordPress plugin Advanced Custom Fields Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-31626 · Unknown · Advanced Custom Fields Pro
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields versions 6.3.5 and earlier; Advanced Custom Fields Pro versions 6.3.5 and earlier. Description: A cross-site scripting issue exists, allowing an attacker with the capability setting privilege to store an arbitrary script ...
WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.10 is vulnerable to Broken Access Control
Software: Meta Box – WordPress Custom Fields Framework. Type: Plugin. Vulnerable versions: <= 5.9.10. Fixed in: 5.9.11. OWASP Top 10: A1: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-43235. Patch priority: Low. CVSS severity: Low (7.1). PSID: 05cac2b9959a. Credit...
Joomla! 4.x < 4.4.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
Joomla! 5.x < 5.1.2 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
Joomla! 3.x < 3.10.16 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.x prior to 3.10.16, 4.x prior to 4.4.6 or 5.x prior to 5.1.2. It is, therefore, affected by multiple vulnerabilities. - Inadequate input validation leads to XSS vulnerabilities in the...
Joomla! XSS Vulnerability (20240705)
Joomla! is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:joomla:joomla";...
CVE-2024-26278
The Custom Fields component does not correctly filter inputs, leading to an XSS vector...
CVE-2024-26278 [20240705] - Core - XSS in com_fields default field value
The Custom Fields component does not correctly filter inputs, leading to an XSS vector...
CVE-2024-26278
CVE-2024-26278 impacts Joomla! (Custom Fields component) where inputs are not properly filtered, enabling a cross-site scripting (XSS) vector via com_fields default field values. This is corroborated by multiple sources (NVD/NVD-linked data, Red Hat advisory, OSV, CVE listings, and Nessus/NASL su...