976 matches found
SQL injection
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions...
CVE-2024-25845
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions...
PrestaShop Security Breach
PrestaShop is a set of open source e-commerce solutions from PrestaShop, USA. The solution offers multiple payment methods, short message alerts and product image zoom. A security vulnerability exists in PrestaShop CD Custom Fields 4 Orders version 1.0.0 and earlier versions. An attacker exploite...
CVE-2024-25845
CVE-2024-25845 applies to the PrestaShop module CD Custom Fields 4 Orders (cdcustomfields4orders) version 1.0.0 and earlier. A guest can perform SQL injection in affected versions, exposing confidentiality, integrity, and availability (CVSS v3.1: 9.8, network access, no user interaction). There a...
PT-2024-21157 · Unknown · Cd Custom Fields 4 Orders
Name of the Vulnerable Software and Affected Versions: CD Custom Fields 4 Orders version 1.0.0 and earlier Description: A SQL injection issue exists, allowing a guest to perform malicious actions. Recommendations: For versions 1.0.0 and earlier, update to a version later than 1.0.0 to resolve the...
Schema Pro < 2.7.16 - Contributor+ Custom Field Access
Description: The plugin does not validate post access, allowing a contributor user to access custom fields on any post, regardless of post type or status, via a shortcode. PoC: As a contributor, add/edit a post and embed aiosrsprocustomfield postid="ANYPOSTID" fieldkey="ANYMETAKEY" and specify/guess an...
CVE-2024-1277
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to...
WordPress Custom fields shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Software: Custom fields shortcode; Type: Plugin; Vulnerable versions: <= 0.1; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6809; Patch priority: Low; CVSS severity: Low (6.5); PSID: 73516645b707; Credits: Francesco Carlucci...
Custom fields shortcode <= 0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode
Description: The Custom fields shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf shortcode in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping on user supplied custom post meta values. This makes it...
Liferay Portal 7.4.x < 7.4.3.4 Multiple Vulnerabilities
The version of Liferay Portal installed on the remote host is prior to 7.4.3.4. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pac...
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...
GHSA-CR36-3VQF-X5W5 Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...
Ocean Extra < 2.2.5 - Contributor+ Stored XSS
Description: The plugin is vulnerable to Stored Cross-Site Scripting via custom fields due to insufficient input sanitization and output escaping, allowing authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesse...
Meta Box – WordPress Custom Fields Framework < 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description: The Meta Box – WordPress Custom Fields Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta values displayed through the plugin's shortcode in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escapin...
WordPress Meta Box – WordPress Custom Fields Framework Plugin <= 5.9.2 is vulnerable to Cross Site Scripting (XSS)
Software: Meta Box – WordPress Custom Fields Framework; Type: Plugin; Vulnerable versions: <= 5.9.2; Fixed in: 5.9.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-6526; Patch priority: Low; CVSS severity: Low (6.5); PSID: 03fafb4798e5...
CVE-2023-6996
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vgdisplaydata shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This...
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...
CVE-2023-6982
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplie...
CVE-2023-6701
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...
Cross site scripting
The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom text field in all versions up to, and including, 6.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-lev...