28 matches found
WordPress Twitter Follow Button plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via username Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Twitter Follow Button versions = 0.2...
WordPress Twitter Follow Button Plugin <= 0.2 is vulnerable to Cross Site Scripting (XSS)
Software Twitter Follow Button Type Plugin Vulnerable versions = 0.2 Fixed in 0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10116 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c7792e36646e Credits Francesco Carlucci...
PT-2024-16038 · WordPress · Twitter Follow Button
Name of the Vulnerable Software and Affected Versions: Twitter Follow Button plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the username parameter due to insufficient input sanitization and output escaping. This allows...
WordPress Simple Share Follow Button Plugin <= 1.03 is vulnerable to Cross Site Scripting (XSS)
Software Simple Share Follow Button Type Plugin Vulnerable versions = 1.03 Fixed in 1.04 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 358cf0bf8f7d Credits Unknown Required privileg...
Malicious code in mitui-comp-follow-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4622 Malicious code in mitui-comp-follow-button (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ec2258f4ac3890208ab0a86cfa7870e80a344822c1754abc483caa4d7aede97 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Automattic: Follow Button XSS
PoC 1 Open link 2 Click "Follow" in the bottom right-hand corner XSS Should work on any wordpress site with this Follow button. fbd.isLoggedIn must be equal to false. https://apps.wordpress.com/support/"scriptalertdocument.domain/script https://labs.spotify.com/"scriptalertdocument.domain/script...
WordPress Twitter 2.37 Cross Site Scripting
Effected Version : 2.36 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following fields put the payload as below...