10 matches found
CVE-2024-8056
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
WordPress MM-Breaking News plugin <= 0.7.9 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin MM-Breaking News versions = 0.7.9...
CVE-2024-8054
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-8054
The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-8056 MM-Breaking News <= 0.7.9 - Reflected XSS
The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2024-8056
CVE-2024-8056 affects MM-Breaking News WordPress plugin (versions ≤ 0.7.9). Root cause: failure to escape $_SERVER['REQUEST_URI'] when emitting it inside an HTML attribute, enabling Reflected Cross-Site Scripting in older browsers. Public sources (including Red Hat advisory and Patchstack) corrob...
CVE-2024-8054
CVE-2024-8054 concerns the MM-Breaking News WordPress plugin (versions up to 0.7.9). Public data states lack of CSRF checks in some areas, plus missing sanitization and escaping, enabling a logged-in admin to add Stored XSS payloads via CSRF. Red Hat entry reiterates the issue verbatim. Patch gui...
WordPress MM-Breaking News Plugin <= 0.7.9 is vulnerable to Cross Site Scripting (XSS)
Software MM-Breaking News Type Plugin Vulnerable versions = 0.7.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8056 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f2e6bf25242a Credits Bob Matyas Required...
WordPress MM-Breaking News Plugin <= 0.7.9 is vulnerable to Cross Site Scripting (XSS)
Software MM-Breaking News Type Plugin Vulnerable versions = 0.7.9 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8054 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8d3d2c555b3e Credits Daniel Ruf Required...
PT-2024-38777 · WordPress · Mm-Breaking News
Name of the Vulnerable Software and Affected Versions: MM-Breaking News WordPress plugin versions 0.7.9 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...