WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Abu Hurayra in WordPress Plugin Envo Extra versions = 1.9.11...

EUVD-2024-33296

Malicious code in bioql PyPI...

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-4385

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and...

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2024-10770

The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level...

WordPress Envo Extra plugin <= 1.9.3 - Authenticated (Contributor+) Post Disclosure vulnerability

Authenticated Contributor+ Post Disclosure vulnerability discovered by Francesco Carlucci in WordPress Plugin Envo Extra versions = 1.9.3...

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-5645

The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘buttoncssid’ parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

WordPress plugin Envo Extra plugin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Envo Extra < 1.8.17 - Authenticated (Contributor+) Cross-Site Scripting

Description The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 1.8.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

WordPress Plugin Envo Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Khalid Patchstack Alliance in WordPress Plugin Envo Extra versions = 1.8.11...

WordPress Envo Extra Plugin < 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Envo Extra Type Plugin Vulnerable versions 1.8.4 Fixed in 1.8.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b026595b9c68 Credits Unknown Required privilege...