CVE-2024-56208 WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through = 1.0.71...

EUVD-2024-33541

Malicious code in bioql PyPI...

CVE-2024-10849

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-37441

CVE-2024-37441 is a CSRF vulnerability in DesertThemes NewsMash (WordPress theme). Affected are NewsMash versions n/a through 1.0.34. The issue enables CSRF; connected sources indicate the vulnerability has been patched in NewsMash, but no fixed version is specified in the provided documents. No ...

WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.71...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10849 NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting

The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress NewsMash theme <= 1.0.34 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme NewsMash versions = 1.0.34...

WordPress NewsMash Theme <= 1.0.34 is vulnerable to Cross Site Request Forgery (CSRF)

Software NewsMash Type Theme Vulnerable versions = 1.0.34 Fixed in 1.0.35 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37441 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2d6553705f29 Credits Dhabaleshwar Das Required...