WordPress Plugin Menu Swapper 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PT-2023-11886 · WordPress · Menu Swapper

Name of the Vulnerable Software and Affected Versions: Menu Swapper plugin for WordPress versions up to, and including, 1.1.0.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the mswp save meta function. This allows unauthenticated...

big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)

pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:PYSEC-2023-99...

Unauthorized access to Survey menu entries

Description The application is not properly verifying the authorization of users accessing survey menu entries. Proof of Concept 1. Login as a user with limited privilege. In my case the user permission is set as follows and has no access to surveys. 2. Visit...

June 27, 2023—KB5027303 (OS Build 22621.1928) Preview

June 27, 2023—KB5027303 OS Build 22621.1928 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to fi...

PT-2023-7510 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...

WordPress Float menu Plugin < 5.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Float menu Type Plugin Vulnerable versions 5.0.3 Fixed in 5.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3225 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59d256b130ab Credits Dipak Panchal th3.d1pak Require...

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Add a new item in the plugin settings 2...

Float menu < 5.0.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new item in the plugin settings 2. Enter...

GHSA-98FP-R22G-WPJ7 Jenkins CSRF protection bypass vulnerability

Jenkins provides context menus for various UI elements, like links to jobs and builds, or breadcrumbs. In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided value...

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

Code injection

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

CVE-2023-35141

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...

PT-2023-25161 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.399 and earlier, LTS versions 2.387.3 and earlier Description: The issue arises when POST requests are sent to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a...

Cross site scripting

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPre...

WordPress Plugin Float menu 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Float men...

PT-2023-19080 · WordPress · Float Menu +11

Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2 Bubble Menu WordPress plugin versions prior to 3.0.4 Button Generator WordPress plugin versions prior to 2.3.5 Calculator Builder WordPress plugin versions prior to 1.5.1 Counter Box WordPre...