14 matches found
PT-2026-25274
Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from n/a through = 3.7.7...
CVE-2023-4963
The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
EUVD-2014-9339
Malware in sbrugna...
CVE-2014-9524
Multiple cross-site request forgery CSRF vulnerabilities in the Facebook Like Box cardoza-facebook-like-box plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct...
WordPress WS Facebook Like Box Widget Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software WS Facebook Like Box Widget Type Plugin Vulnerable versions = 5.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4963 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 253f2e5e6627 Credits Lana Codes...
WordPress Plugin WS Facebook Like Box Widget Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-31275 · WordPress · Ws Facebook Like Box Widget
Name of the Vulnerable Software and Affected Versions: WS Facebook Like Box Widget for WordPress plugin versions up to, and including, 5.0 Description: The issue is related to Stored Cross-Site Scripting via the 'ws-facebook-likebox' shortcode due to insufficient input sanitization and output...
WordPress Plugin Facebook Like Box (cardoza-facebook-like-box) Cross-Site Request Forgery Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress plugin Facebook Like Box cardoza-facebook-like-box versions...
CVE-2014-9524
Multiple cross-site request forgery CSRF vulnerabilities in the Facebook Like Box cardoza-facebook-like-box plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Facebook Like Box cardoza-facebook-like-box plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct...
CVE-2014-9524
Multiple cross-site request forgery CSRF vulnerabilities in the Facebook Like Box cardoza-facebook-like-box plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct...
CVE-2014-9524
The CVE-2014-9524 entry concerns the WordPress plugin Cardoza Facebook Like Box (formerly cardoza-facebook-like-box) before version 2.8.3. The vulnerability set comprises multiple CSRF flaws that allow remote attackers to hijack an administrator’s authenticated session and perform actions such as...
WordPress Facebook Like Box 2.8.2 CSRF / XSS
Title: WordPress 'Facebook Like Box' plugin - CSRF/XSS Version: 2.8.2 Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/cardoza-facebook-like-box/ Notified WordPress: 2014/11/27...
Cardoza Facebook Like Box < 2.8.3 - Multiple CSRF
The Easy Social Like Box – Popup – Sidebar Widget WordPress plugin was affected by a Multiple CSRF security vulnerability...