17 matches found
CVE-2025-62755
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through = 1.4.2...
CVE-2025-62755
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through = 1.4.2...
CVE-2025-62755
CVE-2025-62755 pertains to GS Portfolio for Envato, affecting the plugin up to version 1.4.2. Based on the provided initial document, this is an unauthenticated broken access control vulnerability (unauthorized access to restricted resources/actions) that does not require user credentials. The co...
CVE-2025-62755 WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through = 1.4.2...
CVE-2025-62755 WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through = 1.4.2...
WordPress GS Portfolio for Envato plugin <= 1.4.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin GS Portfolio for Envato versions = 1.4.2...
WordPress plugin GS Portfolio for Envato 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
CVE-2023-0559
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
Cross site scripting
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0559 GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0559 GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVE-2023-0559
The CVE-2023-0559 entry concerns the GS Portfolio for Envato WordPress plugin (pre-1.4.0). It does not validate/escape certain shortcode attributes before output, enabling Stored XSS for users with the contributor role or higher when the shortcode is used on a page/post. Affected software is the ...
PT-2023-16363 · WordPress · Gs Portfolio
Name of the Vulnerable Software and Affected Versions: GS Portfolio for Envato WordPress plugin versions prior to 1.4.0 Description: The issue concerns the GS Portfolio for Envato WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in ...
WordPress plugin GS Portfolio for Envato 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...
GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks PoC Insert the following shortcode in a...
GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Insert the following shortcode in a...