47 matches found
WordPress theme Materialis security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-12291 · WordPress · Materialis
Name of the Vulnerable Software and Affected Versions: Materialis theme for WordPress versions up to, and including, 1.1.24 Description: The issue is due to missing authorization checks on the companion disable popup function called via an AJAX action. This allows authenticated attackers, with...
WordPress Materialis theme <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update vulnerability
Missing Authorization to Limited Arbitrary Options Update vulnerability discovered by Gibran Abdillah in WordPress Theme Materialis versions = 1.1.24...
WordPress Materialis Theme <= 1.1.24 is vulnerable to Broken Access Control
Software Materialis Type Theme Vulnerable versions = 1.1.24 Fixed in 1.1.30 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-3204 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e1b70e9d38bc Credits Gibran Abdillah Required privilege...
CVE-2024-4707
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-4707
The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
CVE-2024-4707
CVE-2024-4707 is a vulnerability in the Materialis Companion WordPress plugin (WordPress plugin) that enables Stored Cross-Site Scripting via the plugin shortcode materialis_contact_form. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, affect...
WordPress Materialis Companion plugin <= 1.3.41 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode vulnerability
Authenticated Contributor+ Store Cross-Site Scripting via materialiscontactform Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Materialis Companion versions = 1.3.41...
WordPress Materialis Companion Plugin <= 1.3.41 is vulnerable to Cross Site Scripting (XSS)
Software Materialis Companion Type Plugin Vulnerable versions = 1.3.41 Fixed in 1.3.42 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4707 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8c2a53380a7a Credits stealthcopter...
WordPress plugin Materialis Companion security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Materialis Companion < 1.3.42 - Authenticated (Contributor+) Store Cross-Site Scripting via materialis_contact_form Shortcode
Description The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialiscontactform shortcode in all versions up to, and including, 1.3.41 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...
PT-2024-32387 · WordPress · Materialis Companion
Name of the Vulnerable Software and Affected Versions: Materialis Companion plugin for WordPress versions up to, and including, 1.3.41 Description: The Materialis Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's materialis contact form shortcode due to...
CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...
CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including,1.6.89 Mesmerize and 1.0.172 Materialis. This is due to 'companiondisablepopup' function only checking the nonce while sending user input to the 'updateoption' function...
CVE-2019-25142
The Mesmerize (up to 1.6.89) and Materialis (up to 1.0.172) WordPress themes are vulnerable to authenticated options changes due to companion_disable_popup not fully validating input before update_option. This allows authenticated attackers to modify restricted options. Remediation: upgrade Mesme...
WordPress theme Mesmerize & Materialis 安全漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in the WordPress theme Mesmerize & Materialis, which stems from the fact that...
PT-2023-11369 · Unknown +1 · Materialis +1
Name of the Vulnerable Software and Affected Versions: Mesmerize versions up to, and including, 1.6.89 Materialis versions up to, and including, 1.0.172 Description: The issue allows authenticated attackers to change restricted options due to the companion disable popup function only checking the...
CVE-2022-4762
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4762
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4762 Materialis Companion < 1.3.40 - Contributor+ Stored XSS via Shortcode
The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...