CVE-2024-11380 Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

WordPress plugin Mini Program API 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2024-16947 · WordPress · Mini Program Api

Name of the Vulnerable Software and Affected Versions: Mini Program API plugin for WordPress versions up to, and including, 1.4.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode due to insufficient input sanitization and output escaping on...

WordPress Mini Program API plugin <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Mini Program API versions = 1.4.5...

CVE-2024-49314

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314 WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314 WordPress JiangQie Free Mini Program plugin <= 2.5.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in jiangqie JiangQie Free Mini Program jiangqie-free-mini-program allows Upload a Web Shell to a Web Server.This issue affects JiangQie Free Mini Program: from n/a through = 2.5.2...

CVE-2024-49314

CVE-2024-49314 concerns the JiangQie Free Mini Program WordPress plugin (versions n/a through 2.5.2). Public docs describe an Unrestricted Upload of File with Dangerous Type vulnerability that allows unauthenticated arbitrary file uploads, enabling a potential web shell on the target web server. ...

WordPress plugin JiangQie Free Mini Program 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress plugin...

PT-2024-33454 · Unknown · Jiangqie Free Mini Program

Name of the Vulnerable Software and Affected Versions: JiangQie Free Mini Program versions n/a through 2.5.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...

WordPress JiangQie Free Mini Program Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software JiangQie Free Mini Program Type Plugin Vulnerable versions = 2.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-49314 Patch priority High CVSS severity High 10 Developer Claim ownership PSID be9e9805193d Credits stealthcopter Required privileg...

CVE-2024-8485

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo due to missing validation on the 'openid' user controlled key that determines what user will be updated. This makes it...

WordPress plugin REST API TO MiniProgram 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

WordPress REST API TO MiniProgram plugin <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover vulnerability

Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover vulnerability discovered by wesley wcraft in WordPress Plugin REST API TO MiniProgram versions = 4.7.1...

PT-2024-39050 · WordPress · Rest Api To Miniprogram

Name of the Vulnerable Software and Affected Versions: REST API TO MiniProgram plugin for WordPress versions up to, and including, 4.7.1 Description: The issue is related to SQL Injection via the order parameter of the "/wp-json/watch-life-net/v1/comment/getcomments" API endpoint. This is due to...

Malicious code in @ks-radar/mini-program (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-2663 Malicious code in @ks-radar/mini-program (npm)

--- -= Per source details. Do not edit below this line.=-...

CVE-2023-43299

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

CVE-2021-40180

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts...

Design/Logic Flaw

In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive information from a user's address book via wx.searchContacts...