40 matches found
CVE-2024-5668
The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 2.7.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes...
WordPress FooBox plugin <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via HTML Data Attributes vulnerability discovered by Webbernaut in WordPress Plugin FooBox Image Lightbox versions = 2.7.28...
WordPress plugin FooBox 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress FooBox Image Lightbox Plugin <= 2.7.28 is vulnerable to Cross Site Scripting (XSS)
Software FooBox Image Lightbox Type Plugin Vulnerable versions = 2.7.28 Fixed in 2.7.32 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5668 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 34ccb97b63f3 Credits Webbernaut...
PT-2024-36988 · WordPress · Foobox
Name of the Vulnerable Software and Affected Versions: FooBox plugin for WordPress versions up to, and including, 2.7.28 Description: The issue is related to DOM-based Stored Cross-Site Scripting via HTML data attributes due to insufficient input sanitization and output escaping on user-supplied...
CVE-2024-3276
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
CVE-2024-3276 FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
The Lightbox & Modal Popup WordPress Plugin WordPress plugin before 2.7.28, foobox-image-lightbox-premium WordPress plugin before 2.7.28 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when...
WordPress plugin FooBox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...
PT-2024-24832 · WordPress · Foobox-Image-Lightbox-Premium +1
Name of the Vulnerable Software and Affected Versions: The Lightbox & Modal Popup WordPress Plugin versions prior to 2.7.28 foobox-image-lightbox-premium WordPress plugin versions prior to 2.7.28 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site...
WordPress FooBox plugin < 2.7.28 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin FooBox Image Lightbox versions 2.7.28...
WordPress FooBox Premium plugin < 2.7.28 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Foobox Image Lightbox Premium versions 2.7.28...
FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Go to settings and change the...
FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. Go to settings and change the "Specif...
WordPress Foobox Image Lightbox Premium Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS)
Software Foobox Image Lightbox Premium Type Plugin Vulnerable versions 2.7.28 Fixed in 2.7.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3276 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID a7657ab0a7ef Credits Dmitrii...
WordPress FooBox Image Lightbox Plugin < 2.7.28 is vulnerable to Cross Site Scripting (XSS)
Software FooBox Image Lightbox Type Plugin Vulnerable versions 2.7.28 Fixed in 2.7.28 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3276 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 8576ba9ab955 Credits Dmitrii Ignatyev...
WordPress FooBox Image Lightbox Plugin < 2.7.27 is vulnerable to Cross Site Scripting (XSS)
Software FooBox Image Lightbox Type Plugin Vulnerable versions 2.7.27 Fixed in 2.7.27 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0aedda1b7b63 Credits Rafie Muhammad Patchstack...
WordPress FooBox Image Lightbox plugin < 2.7.17 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress FooBox Image Lightbox plugin versions 2.7.17. Solution Update the WordPress FooBox Image Lightbox plugin to the latest available version at least 2.7.17...
WordPress FooBox Image Lightbox plugin < 2.7.17 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress FooBox Image Lightbox plugin versions 2.7.17. Solution Update the WordPress FooBox Image Lightbox plugin to the latest available version at least 2.7.17...
WordPress FooBox Image Lightbox plugin <= 2.6.3 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability Fremius Library security issue found in WordPress FooBox Image Lightbox plugin versions = 2.6.3. Solution Update the WordPress FooBox Image Lightbox plugin to the latest available version at least 2.6.4...
WordPress FooBox Image Lightbox Plugin <= 1.0.4 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Solution Update this plugin...