54 matches found
Design/Logic Flaw
The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
CVE-2023-5137 Simply Excerpts <= 1.4 - Admin+ Stored XSS
The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfilteredhtml capability is disallowed for example in a multisite setup...
CVE-2023-5137
CVE-2023-5137 affects the Simply Excerpts WordPress plugin (
WordPress plugin Simply Excerpts security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Simply Excerpts Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)
Software Simply Excerpts Type Plugin Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5137 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a590f7bf68fd Credits niclo Required privilege...
Skuld: The Infostealer that Speaks Golang
Skuld: The Infostealer that Speaks Golang By Ernesto Fernández Provecho · June 13, 2023 In May 2023, the Trellix Advanced Research Center discovered a new Golang stealer, known as Skuld, that compromised systems worldwide, something that security researchers had also noticed. The usage of Golang,...
abrt: default abrt event scripts lead to information disclosure
It was found that the ABRT event scripts created a user-readable copy of an sosreport file in ABRT problem directories, and included excerpts of /var/log/messages selected by the user-controlled process name, leading to an information disclosure. The fix for this issue prevents non-privileged use...
XSS vulnerability in "children" macro when displaying excerpts
Create a parent page A with a child page B - Add an \excerpt\ macro to B containing the text alert"Gotcha!"; - Add the \children\ macro to page A, with "Show excerpts" checked - Alert is shown when viewing A This is currently present on EAC - likely to be in released versions; not tested yet...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
CVE-2014-4717
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Share Buttons Adder plugin before 4.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 ssbasharetext parameter in a save...
Recommended updates email includes excerpts from Private/Restricted pages
The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page. This is a security concern as projects that are documented could contain sensitive information. Also mentioned by users in the comments at...
Recommended updates email includes excerpts from Private/Restricted pages
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-29254. panel The recommended updates email will include pages that are restricted, so all users will see an excerpt of that page...
Welt.de hacked - Credit Card info of 30264 users Compromised
Welt.de hacked - Credit Card info of 30264 users Compromised Welt.de hacked using an SQL Injection https://boot24.welt.de/indexwelt..php?ac =. The Hacker was deeply penetrate into the infrastructure of the Website and copy number information from the database of MySQL. He has published the links ...
DEBIAN-CVE-2007-0541
WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain...