PT-2023-20719 · WordPress · Aleksandr Guidrevitch Wp Meteor Website Speed Optimization Addon
Name of the Vulnerable Software and Affected Versions: Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin versions prior to 3.1.4. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into...
MAL-2023-591 Malicious code in meteor-uploadcare-widget-demo (npm)
Source: ghsa-malware 524e985710633866c8a77431e4ded18aa911c225db74bb40da3457894383be3d. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress WP Meteor Page Speed Optimization Topping Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Meteor Page Speed Optimization Topping. Type: Plugin. Vulnerable versions: <= 3.1.4. Fixed in: 3.1.5. OWASP Top 10: A5: Broken Access Control. Classification: Cross Site Request Forgery (CSRF). CVE: CVE-2023-26543. Patch priority: Low. CVSS severity: Low (4.3). PSID 8de9aef541d5...
CVE-2022-4486
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4486 Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4486
The Meteor Slides WordPress plugin prior to version 1.5.7 is affected. It does not validate or escape certain shortcode attributes before output, enabling Stored XSS where a low-privilege user (contributor) could impact high-privilege users (admins). The issue is documented across multiple source...
PT-2023-14561 · WordPress · Meteor Slides
Name of the Vulnerable Software and Affected Versions: Meteor Slides WordPress plugin versions prior to 1.5.7. Description: The issue concerns the Meteor Slides WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them back in the page...
WordPress plugin Meteor Slides cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. meteorslidesh...
CVE-2022-41960 BigBlueButton contains DoS via failed authToken validation
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.3 are subject to Insufficient Verification of Data Authenticity, resulting in Denial of Service. An attacker can make a Meteor call to validateAuthToken using a victim's userId, meetingId, and an invalid authToken. Th...
Rocket.Chat Input Validation Error Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type-validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...
Rocket.Chat getUserMentionsByChannel meteor server authorization issues vulnerability
Rocket.Chat is an open source team chat software. A vulnerability exists in Rocket.Chat prior to version 5.0 due to an authorization issue: the getUserMentionsByChannel Meteor server method leaks data that an attacker can use to obtain sensitive information...
Rocket.Chat getUserMentionsByChannel meteor server information disclosure vulnerability
Rocket.Chat is an open source team chat software. A message disclosure vulnerability exists in Rocket.Chat versions prior to 5.0: the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access right...
Rocket.Chat getRoomRoles Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, and in 4.8.0 and later versions prior to 4.8.2. It stems from a lack of ACL checking in the getRoomRoles Meteor method and can be exploited by an attacker to cause a...
Rocket.Chat getS3FileUrl Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, and in 4.8.0 and later versions prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...