
7 matches found

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-59378

Malicious code in bioql PyPI...

7.1 CVSS | 9 AI score | 0.0014 EPSS
Exploits: 2 | References: 3
OSV
added 2025/05/15 8:15 p.m. | 2 views

CVE-2023-7197

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

7.1 CVSS | 5.8 AI score | 0.0014 EPSS
Exploits: 2 | References: 1
Vulnrichment
added 2025/05/15 8:9 p.m. | 5 views

CVE-2023-7197 Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.8 AI score | 0.0014 EPSS
Exploits: 2 | References: 1
Cvelist
added 2025/05/15 8:9 p.m. | 13 views

CVE-2023-7197 Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.0014 EPSS
Exploits: 2 | References: 1
CNNVD
added 2025/05/15 12:0 a.m. | 3 views

WordPress plugin Marketing Twitter Bot security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.1 CVSS | 8.1 AI score | 0.0014 EPSS
Exploits: 2 | References: 1
Patchstack
added 2024/01/25 12:0 a.m. | 8 views

WordPress Marketing Twitter Bot Plugin <= 1.11 is vulnerable to Cross Site Scripting (XSS)

Software: Marketing Twitter Bot | Type: Plugin | Vulnerable versions: = 1.11 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting XSS | Classification: Cross Site Scripting XSS | CVE: CVE-2023-7197 | Patch priority: Low | CVSS severity: Low 7.1 | Developer: Claim ownership | PSID: 895d16e82fa5 | Credits: Daniel Ruf | Required...

6 AI score | 0.0014 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
WPVulnDB
added 2024/01/23 12:0 a.m. | 12 views

Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

Description: The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. PoC: Have an admin open an HTML page containing the following:...

8.8 AI score | 0.0014 EPSS
Exploits: 2 | References: 1