47 matches found
EUVD-2024-17709
Malicious code in bioql PyPI...
EUVD-2024-45721
Malicious code in bioql PyPI...
EUVD-2024-50676
Malicious code in bioql PyPI...
CVE-2024-1049
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget's in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for...
CVE-2024-12203
The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘linkcolor’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-51929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in philspectrum Icon Widget icon-widget-with-links allows DOM-Based XSS.This issue affects Icon Widget: from n/a through = 1.1.0...
CVE-2024-9655
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon widget in all versions up to, and including, 6.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
CVE-2022-4763
The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2024-12203 RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘linkcolor’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVE-2024-12203 RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘linkcolor’ parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress plugin RSS Icon Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress RSS Icon Widget plugin <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Yamil in WordPress Plugin RSS Icon Widget versions = 5.2...
CVE-2024-8236
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...
CVE-2024-8236 Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possibl...
PT-2024-38884 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin for WordPress versions up to, and including, 3.25.7 Description: The issue is related to Stored Cross-Site Scripting via the url parameter of the Icon widget, caused by insufficient input sanitization and outp...
CVE-2024-51929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in philspectrum Icon Widget icon-widget-with-links allows DOM-Based XSS.This issue affects Icon Widget: from n/a through = 1.1.0...
CVE-2024-51929 WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in philspectrum Icon Widget icon-widget-with-links allows DOM-Based XSS.This issue affects Icon Widget: from n/a through = 1.1.0...
CVE-2024-51929
CVE-2024-51929 is a DOM-based XSS in the WordPress Icon Widget ( Phil Spectrum Icon Widget ) caused by improper input neutralization during page generation. Affected: Icon Widget
CVE-2024-51929 WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0...
PT-2024-35061 · Unknown · Phil Spectrum Icon Widget
Name of the Vulnerable Software and Affected Versions: Phil Spectrum Icon Widget versions 1.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing DOM-Based XSS. This enables potential attacker...