29 matches found
EUVD-2018-17064
Malware in sbrugna...
EUVD-2018-17065
Malware in sbrugna...
EUVD-2022-51601
Malicious code in bioql PyPI...
CVE-2022-4243
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4243
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4243
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
Cross site scripting
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4243
The CVE-2022-4243 vulnerability affects the ImageInject WordPress plugin up to version 1.17, where certain settings are not properly sanitised/escaped. This allows stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). Several sources (NV...
CVE-2022-4243 ImageInject <= 1.17 - Admin+ Stored XSS
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4243 ImageInject <= 1.17 - Admin+ Stored XSS
The ImageInject WordPress plugin through 1.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin ImageInject 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2022-26432 · WordPress · Imageinject
Name of the Vulnerable Software and Affected Versions: ImageInject WordPress plugin versions 1.17 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in...
ImageInject <= 1.17 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. POST...
ImageInject <= 1.17 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC POST...
WordPress ImageInject plugin 1.15 - Stored Cross-Site Scripting vulnerability
Stored Cross-Site Scripting vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via the flickrappid parameter to wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
WordPress ImageInject Plugin < 1.16 Multiple Vulnerabilities
The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
WordPress ImageInject plugin 1.15 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability found by wpl0v3r in WordPress ImageInject plugin version 1.15. Vulnerable via wp-admin/options-general.php. Solution 1/9/2018 - we were unable to find a patched version of the plugin. Dangerous to use...
CVE-2018-5284
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
Design/Logic Flaw
The ImageInject plugin 1.15 for WordPress has XSS via the flickrappid parameter to wp-admin/options-general.php...
CVE-2018-5285
The ImageInject plugin 1.15 for WordPress has CSRF via wp-admin/options-general.php...