Lucene search
+L

47 matches found

cnnvd
cnnvd
added 2024/06/20 12:0 a.m.6 views

WordPress theme Materialis security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.8AI score0.00369EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2024/06/20 12:0 a.m.7 views

PT-2024-12291 · WordPress · Materialis

Name of the Vulnerable Software and Affected Versions: Materialis theme for WordPress versions up to, and including, 1.1.24 Description: The issue is due to missing authorization checks on the companion disable popup function called via an AJAX action. This allows authenticated attackers, with...

6.5CVSS6.8AI score0.00369EPSS
Exploits0References7
patchstack
patchstack
added 2024/06/19 1:5 p.m.6 views

WordPress Materialis theme <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update vulnerability

Missing Authorization to Limited Arbitrary Options Update vulnerability discovered by Gibran Abdillah in WordPress Theme Materialis versions = 1.1.24...

6.5CVSS7AI score0.00369EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/19 12:0 a.m.14 views

WordPress Materialis Theme <= 1.1.24 is vulnerable to Broken Access Control

Software Materialis Type Theme Vulnerable versions = 1.1.24 Fixed in 1.1.30 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3204 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e1b70e9d38bc Credits Gibran Abdillah Required privilege...

6.5CVSS6.6AI score0.00369EPSS
Exploits0References3Affected Software1
osv
osv
added 2024/06/06 4:15 a.m.7 views

CVE-2024-4707

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

5.4CVSS5.9AI score0.00322EPSS
Exploits0References3
nvd
nvd
added 2024/06/06 4:15 a.m.36 views

CVE-2024-4707

The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

6.4CVSS5.7AI score0.00322EPSS
Exploits0References3
cve
cve
added 2024/06/06 3:32 a.m.54 views

CVE-2024-4707

CVE-2024-4707 is a vulnerability in the Materialis Companion WordPress plugin (WordPress plugin) that enables Stored Cross-Site Scripting via the plugin shortcode materialis_contact_form. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, affect...

6.4CVSS5.5AI score0.00322EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2024/06/06 2:43 a.m.6 views

WordPress Materialis Companion plugin <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode vulnerability

Authenticated Contributor+ Store Cross-Site Scripting via materialiscontactform Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Materialis Companion versions = 1.3.41...

6.4CVSS6.4AI score0.00322EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2024/06/06 12:0 a.m.17 views

WordPress Materialis Companion Plugin <= 1.3.41 is vulnerable to Cross Site Scripting (XSS)

Software Materialis Companion Type Plugin Vulnerable versions = 1.3.41 Fixed in 1.3.42 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4707 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c2a53380a7a Credits stealthcopter...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2024/06/06 12:0 a.m.6 views

WordPress plugin Materialis Companion security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.8AI score0.00322EPSS
Exploits0References4
wpvulndb
wpvulndb
added 2024/06/05 12:0 a.m.8 views

Materialis Companion < 1.3.42 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode

Description The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2024/06/05 12:0 a.m.6 views

PT-2024-32387 · WordPress · Materialis Companion

Name of the Vulnerable Software and Affected Versions: Materialis Companion plugin for WordPress versions up to, and including, 1.3.41 Description: The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis contact form shortcode due to...

6.4CVSS5.9AI score0.00322EPSS
Exploits0References8
osv
osv
added 2023/06/07 2:15 a.m.6 views

CVE-2019-25142

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

8.8CVSS5.8AI score0.0131EPSS
Exploits1References7
nvd
nvd
added 2023/06/07 2:15 a.m.24 views

CVE-2019-25142

The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...

8.8CVSS8.5AI score0.0131EPSS
Exploits1References7
cve
cve
added 2023/06/07 1:51 a.m.49 views

CVE-2019-25142

The Mesmerize (up to 1.6.89) and Materialis (up to 1.0.172) WordPress themes are vulnerable to authenticated options changes due to companion_disable_popup not fully validating input before update_option. This allows authenticated attackers to modify restricted options. Remediation: upgrade Mesme...

8.8CVSS8.3AI score0.0131EPSS
Exploits1References7Affected Software2
cnnvd
cnnvd
added 2023/06/07 12:0 a.m.6 views

WordPress theme Mesmerize & Materialis 安全漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in the WordPress theme Mesmerize & Materialis, which stems from the fact that...

8.8CVSS7.9AI score0.0131EPSS
Exploits1References8
ptsecurity
ptsecurity
added 2023/06/07 12:0 a.m.12 views

PT-2023-11369 · Unknown +1 · Materialis +1

Name of the Vulnerable Software and Affected Versions: Mesmerize versions up to, and including, 1.6.89 Materialis versions up to, and including, 1.0.172 Description: The issue allows authenticated attackers to change restricted options due to the companion disable popup function only checking the...

8.8CVSS8.5AI score0.0131EPSS
Exploits1References10
nvd
nvd
added 2023/02/06 8:15 p.m.23 views

CVE-2022-4762

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.3AI score0.00605EPSS
Exploits2References1
osv
osv
added 2023/02/06 8:15 p.m.4 views

CVE-2022-4762

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00605EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2023/02/06 7:59 p.m.6 views

CVE-2022-4762 Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode

The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1AI score0.00605EPSS
Exploits2References1
Rows per page
Query Builder