40 matches found

NVD
added 2024/08/08 5:15 a.m. · 11 views

CVE-2024-5668

The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...

CVSS 6.4 · EPSS 0.00282
Exploits 0 · References 2

Patchstack
added 2024/08/08 2:30 a.m. · 4 views

WordPress FooBox plugin <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability

Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin FooBox Image Lightbox versions <= 2.7.28...

CVSS 6.4 · AI score 6 · EPSS 0.00282
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/08/08 12:00 a.m. · 4 views

WordPress plugin FooBox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 · AI score 6.5 · EPSS 0.00282
Exploits 0 · References 3

Patchstack
added 2024/08/08 12:00 a.m. · 12 views

WordPress FooBox Image Lightbox Plugin <= 2.7.28 is vulnerable to Cross Site Scripting (XSS)

Software: FooBox Image Lightbox; Type: Plugin; Vulnerable versions: <= 2.7.28; Fixed in: 2.7.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5668; Patch priority: Low; CVSS severity: Low 6.5; PSID: 34ccb97b63f3; Credits: Webbernaut...

CVSS 6.4 · AI score 5.8 · EPSS 0.00282
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2024/08/08 12:00 a.m. · 5 views

PT-2024-36988 · WordPress · Foobox

Name of the Vulnerable Software and Affected Versions: FooBox plugin for WordPress versions up to, and including, 2.7.28
Description: The issue is related to DOM-based Stored Cross-Site Scripting via HTML data attributes due to insufficient input sanitization and output escaping on user-supplied...

CVSS 6.4 · AI score 5.8 · EPSS 0.00282
Exploits 0 · References 7

OSV
added 2024/06/18 6:15 a.m. · 3 views

CVE-2024-3276

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

CVSS 4.8 · AI score 5.8 · EPSS 0.00335
Exploits 2 · References 1

Cvelist
added 2024/06/18 6:00 a.m. · 37 views

CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...

EPSS 0.00335
Exploits 2 · References 1

CNNVD
added 2024/06/18 12:00 a.m. · 3 views

WordPress plugin FooBox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...

CVSS 6.1 · AI score 6.1 · EPSS 0.00335
Exploits 2 · References 2

Positive Technologies
added 2024/06/18 12:00 a.m. · 4 views

PT-2024-24832 · WordPress · Foobox-Image-Lightbox-Premium +1

Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin versions prior to 2.7.28; foobox-image-lightbox-premium WordPress plugin versions prior to 2.7.28
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site...

CVSS 6.1 · AI score 5.6 · EPSS 0.00335
Exploits 2 · References 5

Patchstack
added 2024/05/28 8:24 a.m. · 4 views

WordPress FooBox plugin < 2.7.28 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin FooBox Image Lightbox versions < 2.7.28...

CVSS 6.1 · AI score 5.7 · EPSS 0.00335
Exploits 2 · References 1 · Affected Software 1

Patchstack
added 2024/05/28 8:24 a.m. · 4 views

WordPress FooBox Premium plugin < 2.7.28 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Foobox Image Lightbox Premium versions < 2.7.28...

CVSS 6.1 · AI score 5.7 · EPSS 0.00335
Exploits 2 · References 1 · Affected Software 1

WPVulnDB
added 2024/05/28 12:00 a.m. · 19 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: Go to settings and change the...

AI score 7.7 · EPSS 0.00335
Exploits 2 · References 1 · Affected Software 1

wpexploit
added 2024/05/28 12:00 a.m. · 148 views

FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Go to settings and change the "Specif...

AI score 7.8 · EPSS 0.00335
Exploits 2 · References 1

Patchstack
added 2024/05/28 12:00 a.m. · 12 views

WordPress Foobox Image Lightbox Premium Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS)

Software: Foobox Image Lightbox Premium; Type: Plugin; Vulnerable versions: < 2.7.28; Fixed in: 2.7.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3276; Patch priority: Low; CVSS severity: Low 5.9; PSID: a7657ab0a7ef; Credits: Dmitrii...

CVSS 6.1 · AI score 5 · EPSS 0.00335
Exploits 2 · References 3 · Affected Software 1

Patchstack
added 2024/05/28 12:00 a.m. · 12 views

WordPress FooBox Image Lightbox Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS)

Software: FooBox Image Lightbox; Type: Plugin; Vulnerable versions: < 2.7.28; Fixed in: 2.7.28; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3276; Patch priority: Low; CVSS severity: Low 5.9; PSID: 8576ba9ab955; Credits: Dmitrii Ignatyev...

CVSS 6.1 · AI score 5 · EPSS 0.00335
Exploits 2 · References 4 · Affected Software 1

Patchstack
added 2023/07/18 12:00 a.m. · 5 views

WordPress FooBox Image Lightbox Plugin < 2.7.27 is vulnerable to Cross Site Scripting (XSS)

Software: FooBox Image Lightbox; Type: Plugin; Vulnerable versions: < 2.7.27; Fixed in: 2.7.27; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 0aedda1b7b63; Credits: Rafie Muhammad Patchstack...

AI score 6.8 · EPSS 0.00284
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2022/02/28 12:00 a.m. · 14 views

WordPress FooBox Image Lightbox plugin < 2.7.17 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress FooBox Image Lightbox plugin versions < 2.7.17. Solution: Update the WordPress FooBox Image Lightbox plugin to the latest available version (at least 2.7.17)...

AI score 3.2
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2022/02/28 12:00 a.m. · 66 views

WordPress FooBox Image Lightbox plugin < 2.7.17 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress FooBox Image Lightbox plugin versions < 2.7.17. Solution: Update the WordPress FooBox Image Lightbox plugin to the latest available version (at least 2.7.17)...

AI score 2
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2019/03/02 12:00 a.m. · 15 views

WordPress FooBox Image Lightbox plugin <= 2.6.3 - Authenticated Option Update vulnerability (Fremius Library security issue)

Authenticated Option Update vulnerability (Fremius Library security issue) found in WordPress FooBox Image Lightbox plugin versions <= 2.6.3. Solution: Update the WordPress FooBox Image Lightbox plugin to the latest available version (at least 2.6.4)...

AI score 2.9
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2015/04/16 12:00 a.m. · 14 views

WordPress FooBox Image Lightbox Plugin <= 1.0.4 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution: Update this plugin...

AI score 2.3
Exploits 0 · Affected Software 1