Lucene search
+L

95 matches found

Prion
Prion
added 2021/12/21 9:15 a.m.17 views

Design/Logic Flaw

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

5.5CVSS8AI score0.01006EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/21 8:45 a.m.62 views

CVE-2021-24739

CVE-2021-24739 involves the WordPress Logo Carousel plugin prior to 3.4.2. Affected: Logo Carousel WordPress plugin versions before 3.4.2. Issue: authorization flaw allowing users with role as low as Contributor to duplicate and view arbitrary private posts via the Carousel Duplication feature. R...

8.1CVSS8AI score0.01006EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/12/21 8:45 a.m.55 views

CVE-2021-24738

The CVE-2021-24738 entry concerns the WordPress Logo Carousel plugin prior to version 3.4.2. The vulnerability arises from a failure to validate and escape the “Logo Margin” option, enabling Stored Cross-Site Scripting (XSS) by users with as little as Contributor privileges. The issue is confirme...

5.4CVSS5.2AI score0.00604EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

WordPress 插件授权问题漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...

8.1CVSS5.9AI score0.01006EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.3 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack o...

5.4CVSS5.2AI score0.00604EPSS
Exploits2References2
Patchstack
Patchstack
added 2021/11/22 12:0 a.m.13 views

WordPress Logo Carousel plugin <= 3.4.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...

5.4CVSS1.9AI score0.00604EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/11/22 12:0 a.m.20 views

WordPress Logo Carousel plugin <= 3.4.1 - Unauthorized Private Post Access vulnerability

Unauthorized Private Post Access vulnerability discovered by apple502j in WordPress Logo Carousel plugin versions = 3.4.1. Solution Update the WordPress Logo Carousel plugin to the latest available version at least 3.4.2...

8.1CVSS3.2AI score0.01006EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.146 views

Logo Carousel < 3.4.2 - Unauthorised Private Post Access

The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the carouse...

8.1CVSS0.6AI score0.01006EPSS
Exploits2
wpexploit
wpexploit
added 2021/11/22 12:0 a.m.161 views

Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting

The plugin does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks 1 Make a new carousel /wp-admin/post-new.php?posttype=splcshortcodes 2 Set "Logo Margin" of the Style Setting to the...

5.4CVSS0.3AI score0.00604EPSS
Exploits2
CNVD
CNVD
added 2019/10/11 12:0 a.m.3 views

WordPress kiwi-logo-carousel plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. kiwi-logo-carousel is a rotating effect plugin used in it. A cross-site request forgery vulnerability exists in WordPress kiwi-logo-carousel plugin...

6.5CVSS6.7AI score0.00867EPSS
Exploits1References1
NVD
NVD
added 2019/09/26 2:15 a.m.13 views

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos&page=kwlogossettings tab or tabflagsorder parameter...

6.5CVSS6.4AI score0.00867EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/09/26 1:12 a.m.18 views

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos&page=kwlogossettings tab or tabflagsorder parameter...

6.3AI score0.00867EPSS
Exploits1References3
CVE
CVE
added 2019/09/26 1:12 a.m.147 views

CVE-2015-9434

The CVE relates to the WordPress plugin kiwi-logo-carousel prior to version 1.7.2, where CSRF enables cross-site scripting (XSS) via the wp-admin/edit.php?post_type=kwlogos&page=kwlogos_settings tab or the tab_flags_order parameter. The underlying issue is CSRF that allows an authenticated attack...

6.5CVSS6.2AI score0.00867EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2015/08/13 12:0 a.m.14 views

WordPress Kiwi Logo Carousel Plugin <= 1.7.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "tabflagsorder". Solution Update this plugin...

1.7AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2015/08/13 12:0 a.m.13 views

WordPress Kiwi Logo Carousel Plugin <= 1.7.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary web script or HTML. Vulnerable parameter is "tabflagsorder". Solution Update this plugin...

1.7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder