24 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-2660

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00185
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2021-8276

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 5.7 | EPSS 0.00746
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 8:18 a.m. | 2 views

CVE-2024-10180

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 6.4 | AI score 5 | EPSS 0.01639
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:8 p.m. | 7 views

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...

CVSS 6.5 | AI score 6.7 | EPSS 0.00746
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:31 a.m. | 2 views

CVE-2016-1565

Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

CVSS 6.1 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 1
OSV
added 2024/12/04 4:20 p.m. | 5 views

DRUPAL-CONTRIB-2024-071

This module allows a site builder to create multi-step entity forms leveraging the Field Group field type plugins. The module doesn't escape plain text administrative configurations. An attacker with admin access could inject arbitrary JavaScript code. This vulnerability is mitigated by the fact...

CVSS 4.8 | AI score 6.6 | EPSS 0.00237
Exploits: 0 | References: 1
OSV
added 2024/10/24 1:15 p.m. | 1 views

CVE-2024-10180

The Contact Form 7 – Repeatable Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fieldgroup shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

CVSS 5.4 | AI score 5.9 | EPSS 0.01639
Exploits: 0 | References: 3
Patchstack
added 2024/10/24 6:36 a.m. | 2 views

WordPress Contact Form 7 - Repeatable Fields plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via field_group Shortcode vulnerability

WordPress Contact Form 7 - Repeatable Fields plugin <= 2.0.1 - Authenticated Contributor+ Stored Cross-Site Scripting via fieldgroup Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Contact Form 7 - Repeatable Fields versions <= 2.0.1...

CVSS 6.4 | AI score 5.8 | EPSS 0.01639
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2024/10/24 12:0 a.m. | 1 views

WordPress plugin Contact Form cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVSS 6.4 | AI score 5.8 | EPSS 0.01639
Exploits: 0 | References: 3
CVE
added 2024/10/17 12:0 a.m. | 49 views

CVE-2024-49593

CVE-2024-49593 affects the WordPress ecosystem via two plugins: Advanced Custom Fields (ACF) and Secure Custom Fields. The vulnerability is a stored XSS that can be triggered when editing a Field Group with the plugin editors, enabling execution of malicious payloads. Affected versions are ACF pr...

CVSS 5.3 | AI score 6.1 | EPSS 0.00925
Exploits: 0 | References: 4
OSSF Malicious Packages
added 2024/10/16 12:25 p.m. | 0 views

Malicious code in @shwetkhushi/field-group (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits: 0
Positive Technologies
added 2024/10/16 12:0 a.m. | 2 views

PT-2024-33558 · WordPress · Advanced Custom Fields Pro +1

Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields ACF versions prior to 6.3.9 Secure Custom Fields versions prior to 6.3.6.3 Description: The issue allows for the execution of a stored XSS payload when using the Field Group editor to edit one of the plugin's fields in...

CVSS 5.3 | AI score 6.3 | EPSS 0.00925
Exploits: 0 | References: 9
NVD
added 2021/12/13 7:15 a.m. | 12 views

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...

CVSS 6.5 | EPSS 0.00746
Exploits: 0 | References: 3
OSV
added 2021/12/13 7:15 a.m. | 0 views

CVE-2021-20867

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...

CVSS 6.5 | AI score 6.2
Exploits: 0 | References: 3
Prion
added 2021/12/13 7:15 a.m. | 9 views

Authorization

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in moving the field group which may allow a user to move the unauthorized field group via unspecified vectors...

CVSS 4 | AI score 6.4 | EPSS 0.00746
Exploits: 0 | References: 3 | Affected Software: 1
Japan Vulnerability Notes
added 2021/12/02 6:2 a.m. | 3 views

Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

Overview WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Missing authorization related to user list obtaining CWE-862 -...

CVSS 7.5 | AI score 6.9 | EPSS 0.01947
Exploits: 0 | References: 11
Japan Vulnerability Notes
added 2021/12/02 12:0 a.m. | 24 views

JVN#09136401: Multiple missing authorization vulnerabilities in WordPress Plugin "Advanced Custom Fields"

WordPress Plugin "Advanced Custom Fields" provided by Delicious Brains contains multiple missing authorization vulnerabilities listed below. Missing authorization related to database browsing CWE-862 - CVE-2021-20865 Version| Vector| Score ---|---|--- CVSS v3|...

CVSS 7.5 | AI score 6.9 | EPSS 0.01947
Exploits: 0
CNVD
added 2016/01/15 12:0 a.m. | 1 views

Drupal Field Group Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Field Group is one of the modules used to group fields. A cross-site scripting vulnerability exists in Drupal Field Group, which can be exploited by remote attackers to inject malicious...

CVSS 6.1 | AI score 6 | EPSS 0.00185
Exploits: 0 | References: 1
OSV
added 2016/01/08 9:59 p.m. | 1 views

CVE-2016-1565

Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

CVSS 6.1 | AI score 5.9 | EPSS 0.00185
Exploits: 0 | References: 2
NVD
added 2016/01/08 9:59 p.m. | 8 views

CVE-2016-1565

Cross-site scripting (XSS) vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...

CVSS 6.1 | AI score 5.8 | EPSS 0.00185
Exploits: 0 | References: 2