Lucene search
K

28 matches found

Patchstack
Patchstack
added 2024/11/22 9:20 p.m.11 views

WordPress Twitter Follow Button plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via username Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Twitter Follow Button versions = 0.2...

6.4CVSS5.8AI score0.00385EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/22 12:0 a.m.12 views

WordPress Twitter Follow Button Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)

Software Twitter Follow Button Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10116 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c7792e36646e Credits Francesco Carlucci...

6.4CVSS5.8AI score0.00385EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.8 views

PT-2024-16038 · WordPress · Twitter Follow Button

Name of the Vulnerable Software and Affected Versions: Twitter Follow Button plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This allows...

6.4CVSS8AI score0.00385EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/08/03 12:0 a.m.4 views

WordPress Simple Share Follow Button Plugin <= 1.03 is vulnerable to Cross Site Scripting (XSS)

Software Simple Share Follow Button Type Plugin Vulnerable versions = 1.03 Fixed in 1.04 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 358cf0bf8f7d Credits Unknown Required privileg...

6AI score
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:22 p.m.4 views

Malicious code in mitui-comp-follow-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:22 p.m.11 views

MAL-2022-4622 Malicious code in mitui-comp-follow-button (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Hacker One
Hacker One
added 2016/09/28 7:6 a.m.32 views

Automattic: Follow Button XSS

PoC 1 Open link 2 Click "Follow" in the bottom right-hand corner XSS Should work on any wordpress site with this Follow button. fbd.isLoggedIn must be equal to false. https://apps.wordpress.com/support/"scriptalertdocument.domain/script https://labs.spotify.com/"scriptalertdocument.domain/script...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2015/12/17 12:0 a.m.22 views

WordPress Twitter 2.37 Cross Site Scripting

Effected Version : 2.36 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following fields put the payload as below...

7.4AI score
Exploits0
Rows per page
Query Builder