Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:37 a.m.8 views

CVE-2024-8056

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.1CVSS6.2AI score0.00307EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/09/12 10:42 a.m.5 views

WordPress MM-Breaking News plugin <= 0.7.9 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin MM-Breaking News versions = 0.7.9...

6.1CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2024/09/12 6:15 a.m.4 views

CVE-2024-8054

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.002EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 6:15 a.m.19 views

CVE-2024-8054

The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS0.002EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 6:0 a.m.10 views

CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS

The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

6.2AI score0.00307EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 6:0 a.m.47 views

CVE-2024-8056

CVE-2024-8056 affects MM-Breaking News WordPress plugin (versions ≤ 0.7.9). Root cause: failure to escape $_SERVER['REQUEST_URI'] when emitting it inside an HTML attribute, enabling Reflected Cross-Site Scripting in older browsers. Public sources (including Red Hat advisory and Patchstack) corrob...

6.1CVSS6.3AI score0.00307EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/09/12 6:0 a.m.43 views

CVE-2024-8054

CVE-2024-8054 concerns the MM-Breaking News WordPress plugin (versions up to 0.7.9). Public data states lack of CSRF checks in some areas, plus missing sanitization and escaping, enabling a logged-in admin to add Stored XSS payloads via CSRF. Red Hat entry reiterates the issue verbatim. Patch gui...

6.1CVSS6.2AI score0.002EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/09/12 12:0 a.m.12 views

WordPress MM-Breaking News Plugin <= 0.7.9 is vulnerable to Cross Site Scripting (XSS)

Software MM-Breaking News Type Plugin Vulnerable versions = 0.7.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8056 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2e6bf25242a Credits Bob Matyas Required...

6.1CVSS5.7AI score0.00307EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/09/12 12:0 a.m.12 views

WordPress MM-Breaking News Plugin <= 0.7.9 is vulnerable to Cross Site Scripting (XSS)

Software MM-Breaking News Type Plugin Vulnerable versions = 0.7.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8054 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8d3d2c555b3e Credits Daniel Ruf Required...

6.1CVSS5.7AI score0.002EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.7 views

PT-2024-38777 · WordPress · Mm-Breaking News

Name of the Vulnerable Software and Affected Versions: MM-Breaking News WordPress plugin versions 0.7.9 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...

6.1CVSS5.6AI score0.002EPSS
Exploits1References7
Rows per page
Query Builder