212 matches found
EUVD-2023-56898
Malicious code in bioql PyPI...
EUVD-2023-57879
Malicious code in bioql PyPI...
EUVD-2023-37384
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-28202
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties ...
CVE-2023-52225
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-5583
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallerygallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level...
CVE-2023-33214
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2022-4795
The Galleries by Angie Makes WordPress plugin through 1.67 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...
CVE-2021-4384
The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the loadimagesthumbnail and editgallery functions. This makes it possible for unauthenticat...
CVE-2024-8437
The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpegsettings and wpegaddgallery in all versions up to, and including, 4.8.5. This makes it possible for authenticate...
PT-2024-39013 · WordPress · Wp Easy Gallery
Name of the Vulnerable Software and Affected Versions: The WP Easy Gallery – WordPress Gallery Plugin versions up to, and including, 4.8.5 Description: The issue is related to unauthorized access due to a missing capability check on several functions hooked via AJAX, such as wpeg settings and wpe...
Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics < 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-32552 WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2...
CVE-2024-32552 WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tagbox Taggbox allows Stored XSS.This issue affects Taggbox: from n/a through 3.2...
WordPress Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin Taggbox versions = 3.2...
BIT-MEDIAWIKI-2022-28202
An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete...
Design/Logic Flaw
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...
WordPress Plugin Sunshine Photo Cart: Free Client Galleries for Photographers Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
[SECURITY] Fedora 38 Update: python-nikola-8.3.0-1.fc38
Nikola is a static site and blog generator using Python. It generates sites with tags, feeds, archives, comments, and more from plain text files. Source can be unformatted, or formatted with reStructuredText or Markdown. It also automatically builds image galleries...
PT-2024-15072 · WordPress · Envira Photo Gallery
Name of the Vulnerable Software and Affected Versions: Envira Photo Gallery plugin for WordPress versions up to, and including, 1.8.7.1 Description: The issue allows authenticated attackers with contributor access and above to modify galleries on other users' posts due to an improper capability...