155 matches found
CVE-2023-30785
CVE-2023-30785 affects the WordPress Video Grid plugin by I Thirteen Web Solution. Versions
CVE-2023-30785 WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Video Grid plugin = 1.21 versions...
PT-2023-22978 · I Thirteen Web Solution · I Thirteen Web Solution Video Gallery Plugin
Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Video Grid plugin versions 1.21 and earlier Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website, potentially...
CVE-2023-36385 WordPress PostX plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.This issue affects PostX: from n/a through = 2.9.9...
CVE-2021-4423 RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass
The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgdinsertupdate function. This makes it possible for unauthenticated attackers to update post fields via a forged...
CVE-2021-4423 RAYS Grid <= 1.2.2 - Cross-Site Request Forgery Bypass
The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgdinsertupdate function. This makes it possible for unauthenticated attackers to update post fields via a forged...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in RadiusTheme The Post Grid plugin = 5.0.4 versions...
CVE-2022-46853 WordPress The Post Grid Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in RadiusTheme The Post Grid plugin = 5.0.4 versions...
WordPress Video Grid Plugin <= 1.21 is vulnerable to Cross Site Scripting (XSS)
Software Video Grid Type Plugin Vulnerable versions = 1.21 Fixed in 1.22 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30785 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b4d82d8cb320 Credits yuyudhn Required privile...
The Post Grid <= 5.0.4 - Settings Update via CSRF
The plugin does not have CSRF check when updating its settings, which could allow attackers to make logged-in admins perform such action via a CSRF attack...
PT-2023-16011 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: The Post Grid, Post Carousel, & List Category Posts WordPress plugin versions prior to 2.4.19 Description: The issue concerns a lack of validation and escaping of certain block options in the plugin, which could allow users with the contribut...
com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (=2.4.0), com.amashchenko.struts2.actionflow:struts2-actionflow-showcase (=2.4.0) +68 more potentially affected by CVE-2016-3087 via org.apache.struts:struts2-core (>=2.3.1.1 <=2.3.20.1)
org.apache.struts:struts2-core MAVEN version =2.3.1.1, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.1.0, =1.1.0, =2.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-grid-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-mobile-plugin...
Wordpress Post Grid plugin跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Post Grid plugin version 2.1.16 previously had a cross-site scripting vulnerability that could be exploited by attackers to...
Wordpress Post Grid plugin cross-site scripting vulnerability (CNVD-2022-44253)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress plugin Post Grid plugin version prior to 2.1....
CVE-2022-0447
The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2021-24986
The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Grid with a search form...
CVE-2022-0447 Post Grid < 2.1.16 - Reflected Cross-Site Scripting via post_types
The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the posttypes parameter before outputting it back in the response of the postgridupdatetaxonomiestermsbyposttypes AJAX action, available to any authenticated users, leading to a Reflected Cross-Site Scripting...
WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.5.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Harshit aka fumenoid and Sidhhant Chouhan aka sidchn in WordPress Image Photo Gallery Final Tiles Grid plugin versions = 3.5.2. Solution Update the WordPress Image Photo Gallery Final Tiles Grid plugin to the latest available version at...
WordPress 插件 跨站脚本漏洞
WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin PostX, which stems from the PostX - Gutenberg Blocks for Post Grid WordPress plugin prior to 2.4.10 allows users with roles as low as Contributor to execute a...
WordPress PostX – Gutenberg Blocks for Post Grid plugin <= 2.4.9 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress PostX – Gutenberg Blocks for Post Grid plugin versions = 2.4.9. Solution Update the WordPress PostX – Gutenberg Blocks for Post Grid plugin to the latest available version at least 2.4.10...