19 matches found
EUVD-2025-15346
Malicious code in bioql PyPI...
EUVD-2025-15351
Malicious code in bioql PyPI...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Nokaut Offers Box plugin <= 1.4.0 - Plugin Reset via CSRF vulnerability
Plugin Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Nokaut Offers Box versions = 1.4.0...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634 Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10634 Nokaut Offers Box <= 1.4.0 - Plugin Reset via CSRF
The Nokaut Offers Box WordPress plugin through 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset the Nokaut Offers Box WordPress plugin through 1.4.0 via a CSRF attack...
CVE-2024-10632
The CVE-2024-10632 entry concerns the Nokaut Offers Box WordPress plugin (versions 1.4.0 and earlier). The underlying issue is that the plugin does not sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as...
CVE-2024-10632 Nokaut Offers Box <= 1.4.0 - Admin+ Stored XSS
The Nokaut Offers Box WordPress plugin through 1.4.0 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10634
The CVE-2024-10634 entry concerns the Nokaut Offers Box WordPress plugin (versions ≤ 1.4.0). Affected component: plugin settings update logic lacking CSRF protection, enabling a CSRF attack that could cause a logged-in administrator to reset the plugin. Exploitation details are not provided beyon...
PT-2025-21407 · WordPress · Nokaut Offers Box
Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier Description: The issue concerns the lack of CSRF check when updating settings in the Nokaut Offers Box WordPress plugin. This could allow attackers to make a logged-in admin reset...
PT-2025-21406 · WordPress · Nokaut Offers Box
Name of the Vulnerable Software and Affected Versions: Nokaut Offers Box WordPress plugin versions 1.4.0 and earlier Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize a...
WordPress plugin Nokaut Offers Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Nokaut Offers Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...