EUVD-2024-46734
Malicious code in bioql PyPI...
CVE-2024-5531
The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-5531
CVE-2024-5531: Ocean Extra (WordPress) is vulnerable to Stored Cross-Site Scripting via the Flickr Widget in all versions up to and including 2.2.8. The root cause is insufficient input sanitization and output escaping on user-supplied widget attributes, allowing an authenticated attacker with c...
WordPress Ocean Extra plugin <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Flickr Widget vulnerability discovered by wesley wcraft in WordPress Plugin Ocean Extra versions <= 2.2.8...
Ocean Extra < 2.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget
Description: The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flickr widget in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2023-25989
Summary: CVE-2023-25989 is a CSRF vulnerability reported across multiple Meks WordPress plugins (Audio Player, Time Ago, ThemeForest Smart Widget, Smart Author Widget, Easy Maps, Easy Photo Feed Widget, Simple Flickr Widget, Easy Ads Widget, Smart Social Widget, and related plugins). The flaw ena...
WordPress Meks Simple Flickr Widget Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Meks Simple Flickr Widget; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-25989; Patch priority: Low; CVSS severity: Low (4.3); PSID: ad7aa5e63051; Credits: Muhammad Daff...
The7 < 11.6.1 - Reflected XSS
The plugin does not sanitise and escape a parameter from the legacy DT Flickr widget before outputting it back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin...