70 matches found
EUVD-2015-4092
Malware in sbrugna...
EUVD-2015-9193
Malware in sbrugna...
EUVD-2015-9194
Malware in sbrugna...
EUVD-2022-52057
Malicious code in bioql PyPI...
EUVD-2023-12442
Malicious code in bioql PyPI...
CVE-2023-0381
The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...
CVE-2022-4759
The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2015-9353
The gigpress plugin before 2.3.11 for WordPress has SQL injection in the admin area, a different vulnerability than CVE-2015-4066...
WordPress GigPress Plugin <= 2.3.29 is vulnerable to Cross Site Scripting (XSS)
Software GigPress Type Plugin Vulnerable versions = 2.3.29 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7233 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID c045bab20df5 Credits Bob Matyas Required privilege...
CVE-2023-7233
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-7233
CVE-2023-7233 affects the GigPress WordPress plugin up to version 2.3.29. Affected component: plugin settings not sanitised/escaped, enabling Stored Cross-Site Scripting by high-privilege users (e.g., Administrators) even when unfiltered_html is disallowed (multisite scenarios). Documented detail...
CVE-2023-7233 GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-7233 GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Plugin GigPress Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15239 · WordPress · Gigpress
Name of the Vulnerable Software and Affected Versions: GigPress WordPress plugin versions 2.3.29 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to "GigPress Settings" 2...
GigPress <= 2.3.29 - Admin+ Stored Cross Site Scripting
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Go to "GigPress Settings" 2. Enter...
WordPress GigPress Plugin <= 2.3.28 is vulnerable to SQL Injection
Software GigPress Type Plugin Vulnerable versions = 2.3.28 Fixed in N/A OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-0381 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 621aa3005525 Credits Erwan LR WPScan Required privilege Subscriber Published ...
CVE-2023-0381
The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks...