269 matches found
CVE-2023-6941
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite set...
Cross site scripting
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite set...
CVE-2023-6941
The CVE concerns the Keap Official Opt-in Forms WordPress plugin, affected versions 1.0.11 and earlier. The vulnerability is Admin+ Stored XSS caused by insufficient sanitisation/escaping of settings (e.g., Opt in title, message, success text), which can execute scripts in the context of high-pri...
WordPress Plugin Keap Official Opt-in Forms Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
PT-2024-15133 · WordPress · Keap Official Opt-In Forms
Name of the Vulnerable Software and Affected Versions: Keap Official Opt-in Forms WordPress plugin versions 1.0.11 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some...
GovernorOLAS is susceptible to DOS via proposal frontrunning
Lines of code Vulnerability details Impact The GovernorOLAS contract inherits from OpenZeppelin's GovernorCompatibilityBravo v4.8.3, which has a known vulnerability in the proposal creation process that can be exploited to halt proposals sent to the governor. The root cause of this vulnerability ...
WordPress Keap Official Opt-in Forms Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Keap Official Opt-in Forms Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52192 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 43abbc32aaec Credits Ngô Thiên An ancorn from...
Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. 1. Store the script in non-sanitized...
Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup. PoC 1. Store the script in...
Analytify Dashboard < 5.1.1 - Missing Authorization to Opt-In
Description The Analytify Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optinyes function in versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber-level and above acces...
opt-in-manager.com Cross Site Scripting vulnerability OBB-3777319
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Pretty Opt In Lite – Content Locker for Lead Generation Plugin <= 1.3.13 is vulnerable to Cross Site Scripting (XSS)
Software Pretty Opt In Lite – Content Locker for Lead Generation Type Plugin Vulnerable versions = 1.3.13 Fixed in 1.3.14 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 550b1e29c12...
HTTP::Tiny before 0.083 a Perl core module since 5.13.9 and available standalone on CPAN has an insecure default TLS configuration where users must opt in to verify certificates.
...
CVE-2023-34234 Governor proposal creation may be blocked by frontrunning in OpenZeppelin
OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...
Apple Expands Its On-Device Nudity Detection to Combat CSAM
Instead of scanning iCloud for illegal content, Apple’s tech will locally flag inappropriate images for kids. And adults are getting an opt-in nudes filter too...
GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension
Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
Twitter Finally Rolling Out Encrypted Direct Messages — Starting with Verified Users
Twitter is officially beginning to roll out support for encrypted direct messages DMs on the platform, more than five months after its chief executive Elon Musk confirmed plans for the feature in November 2022. The "Phase 1" of the initiative will appear as separate conversations alongside existi...
SUSE CVE-2023-31486
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates...
Four EU telco giants will start asking users if they want personalized targeted ads
They say you can't have too much of a good thing. Unfortunately, this applies to ads, too, whether you think they're a good thing or not. Soon, Europes four biggest telecommunication companies--Germany's Deutsche Telekom DK, France's Orange, Spain's Telefonica, and the UK's Vodafone Group--will...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin = 1.0.15 versions...