20 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2024-37569

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.00156
Exploits: 0 | References: 1
OSV
added 2024/11/05 12:31 a.m. | 2 views

GHSA-3GF9-WV65-GWH9 gradio Server Side Request Forgery vulnerability

In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target resources. This can lead to the download of local resourc...

CVSS 7.1 | AI score 5.9 | EPSS 0.00125
Exploits: 1 | References: 4
Positive Technologies
added 2024/11/04 12:0 a.m. | 3 views

PT-2024-32971 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio versions 4.42.0 and earlier. Description: The issue is related to a hidden server-side request forgery (SSRF) vulnerability in the gr.DownloadButton function. This vulnerability arises because the save_url_to_cache function does not...

CVSS 6.5 | AI score 6.7 | EPSS 0.00125
Exploits: 1 | References: 9
CNNVD
added 2024/11/04 12:0 a.m. | 1 view

Gradio security vulnerability

Gradio, an open source Python library from Gradio Open Source, is a way to demonstrate machine learning models through a friendly web interface. A security vulnerability exists in Gradio version 4.42.0, which stems from the gr.DownloadButton function containing a server-side request forgery...

CVSS 6.5 | AI score 6.5 | EPSS 0.00125
Exploits: 1 | References: 3
NVD
added 2024/07/20 8:15 a.m. | 12 views

CVE-2024-38718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS. This issue affects Download Button for Elementor: from n/a through 1.2.1...

CVSS 6.5 | EPSS 0.00156
Exploits: 0 | References: 1
CVE
added 2024/07/20 7:23 a.m. | 39 views

CVE-2024-38718

CVE-2024-38718 is a stored XSS in the WordPress plugin Download Button for Elementor affecting versions up to 1.2.1. Affected component is the Download Button for Elementor; root cause is improper neutralization of input during web page generation. Public references (NVD/CVE records and Wordfence...

CVSS 6.5 | AI score 6.5 | EPSS 0.00156
Exploits: 0 | References: 1
Cvelist
added 2024/07/20 7:23 a.m. | 15 views

CVE-2024-38718 WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS. This issue affects Download Button for Elementor: from n/a through 1.2.1...

CVSS 6.5 | EPSS 0.00156
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/20 7:23 a.m. | 13 views

CVE-2024-38718 WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in clicklabs® Medienagentur Download Button for Elementor allows Stored XSS. This issue affects Download Button for Elementor: from n/a through 1.2.1...

CVSS 6.5 | AI score 6.8 | EPSS 0.00156
Exploits: 0 | References: 1
Positive Technologies
added 2024/07/20 12:0 a.m. | 0 views

PT-2024-28163 · Clicklabs Medienagentur · Clicklabs Medienagentur Download Button For Elementor

Name of the Vulnerable Software and Affected Versions: clicklabs Medienagentur Download Button for Elementor versions 1.2.1 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored...

CVSS 6.5 | AI score 5.6 | EPSS 0.00156
Exploits: 0 | References: 3
Patchstack
added 2024/07/11 11:10 a.m. | 0 views

WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Khalid (Patchstack Alliance) in WordPress Plugin Download Button for Elementor (versions <= 1.2.1)...

CVSS 6.5 | AI score 6.1 | EPSS 0.00156
Exploits: 0 | Affected Software: 1
Patchstack
added 2024/06/24 9:54 a.m. | 2 views

WordPress Grey Opaque theme <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode vulnerability discovered by Francesco Carlucci in WordPress Theme Grey Opaque (versions <= 2.0.1)...

CVSS 6.4 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/06/22 4:15 a.m. | 1 view

CVE-2024-5966

The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 2
Cvelist
added 2024/06/22 3:30 a.m. | 20 views

CVE-2024-5966 Grey Opaque <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Download-Button Shortcode

The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00201
Exploits: 0 | References: 2
Vulnrichment
added 2023/10/16 11:31 p.m. | 6 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVSS 4.3 | AI score 7.5 | EPSS 0.00306
Exploits: 0 | References: 3
Cvelist
added 2023/10/16 11:31 p.m. | 11 views

CVE-2012-10016 Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure

A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information...

CVSS 4.3 | AI score 7.5 | EPSS 0.00306
Exploits: 0 | References: 3
CVE
added 2023/10/16 11:31 p.m. | 53 views

CVE-2012-10016

CVE-2012-10016 affects the Halulu simple-download-button-shortcode WordPress plugin (version 1.0). The vulnerability lies in an unknown function within the file simple-download-button_dl.php of the Download Handler, where manipulation of the file argument leads to information disclosure. The issu...

CVSS 7.5 | AI score 5.7 | EPSS 0.00306
Exploits: 0 | References: 3 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Wordpress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure

No description provided by source. Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins :...

AI score 7.1
Exploits: 0
Packet Storm
added 2012/06/08 12:0 a.m. | 20 views

WordPress Simple Download Button Shortcode 1.0 File Disclosure

Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins : http://downloads.wordpress.org/plugin/simple-download-button-shortcode.1.0.0.zip Date :...

AI score 0.2
Exploits: 0
Exploit DB
added 2012/06/08 12:0 a.m. | 30 views

WordPress Plugin Simple Download Button ShortCode 1.0 - Remote File Disclosure

Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins : http://downloads.wordpress.org/plugin/simple-download-button-shortcode.1.0.0.zip Date :...

AI score 7.4
Exploits: 0
0day.today
added 2012/06/07 12:0 a.m. | 21 views

Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure

Exploit for php platform in category web applications Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins :...

AI score 7.1
Exploits: 0