212 matches found
CVE-2023-52225
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-52225
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
Deserialization of untrusted data
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-52225
CVE-2023-52225 describes a deserialization of untrusted data vulnerability in the WordPress plugin Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics . Affected versions are listed as up to version 3.1 (n/a to 3.1); the root cause is improper deserialization of untrusted input...
PT-2024-14489 · Unknown · Tagbox – Ugc Galleries
Name of the Vulnerable Software and Affected Versions: Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics versions n/a through 3.1 Description: The issue is related to Deserialization of Untrusted Data, which affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews &...
CVE-2023-41796
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0...
CVE-2023-41796
The Sunshine Photo Cart plugin for WordPress (Sunshine Photo Cart: Free Client Galleries for Photographers) is affected by CVE-2023-41796. Affected versions are before 3.0.0 and the root cause is Insecure Direct Object References (IDOR) caused by authorization bypass via a user-controlled key, en...
CVE-2023-33214
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-33214
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-33214 WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-33214 WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...
CVE-2023-33214
CVE-2023-33214 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress Taggbox widget/plugin (Taggbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics). Public records tie this to the Taggbox WordPress plugin, with vulnerable versions cited as up to and includi...
reproduction-galleries.com Improper Access Control vulnerability OBB-3809004
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-4686
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
Information disclosure
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-5583
CVE-2023-5583 affects WP Simple Galleries for WordPress (≤ v1.34). The vulnerability is a PHP Object Injection via deserialization of untrusted input from the wpsimplegallery_gallery post meta through the wpsgallery shortcode. It requires contributor-level permissions or higher and could enable a...
WordPress Plugin WP Simple Galleries Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress WP Simple Galleries Plugin <= 1.34 is vulnerable to PHP Object Injection
Software WP Simple Galleries Type Plugin Vulnerable versions = 1.34 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-5583 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID fbbcc5df46bc Credits István Márton Required privilege Contribut...
nationalgalleries.org Cross Site Scripting vulnerability OBB-3765325
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...