Lucene search
K

92 matches found

NVD
NVD
added 2024/12/16 3:15 p.m.14 views

CVE-2024-54417

Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through = 2.0.1...

5.3CVSS0.00524EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.7 views

PT-2024-36305 · Pixelgrade · Pixproof

Name of the Vulnerable Software and Affected Versions: Pixelgrade PixProof versions prior to 2.0.1 Description: The issue is related to a missing authorization vulnerability in Pixelgrade PixProof, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This...

5.3CVSS6.9AI score0.00524EPSS
Exploits0References3
NVD
NVD
added 2024/09/10 10:15 a.m.20 views

CVE-2024-8241

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00352EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/09/10 9:30 a.m.13 views

CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6AI score0.00352EPSS
Exploits0References4
OSV
OSV
added 2024/09/10 9:30 a.m.10 views

CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS6.1AI score0.00352EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/09/10 9:30 a.m.26 views

CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute

The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00352EPSS
Exploits0References4
CVE
CVE
added 2024/09/10 9:30 a.m.42 views

CVE-2024-8241

Nova Blocks by Pixelgrade for WordPress is affected by a Stored XSS in the wp:separator Gutenberg block via the align attribute, affecting versions up to 2.1.7. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contri...

6.4CVSS5.5AI score0.00352EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2024/09/10 1:20 a.m.4 views

WordPress Nova Blocks by Pixelgrade plugin <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin Nova Blocks versions = 2.1.7...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/10 12:0 a.m.4 views

WordPress plugin Nova Blocks by Pixelgrade 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

6.4CVSS5.7AI score0.00352EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/09/10 12:0 a.m.12 views

WordPress Nova Blocks by Pixelgrade Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Nova Blocks by Pixelgrade Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8241 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f5ae0b10869 Credits Francesco...

6.4CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/22 2:15 p.m.6 views

CVE-2023-27633

Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...

8.8CVSS7.3AI score0.00295EPSS
Exploits0References1
NVD
NVD
added 2023/11/22 2:15 p.m.26 views

CVE-2023-27633

Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...

8.8CVSS0.00295EPSS
Exploits0References1
Prion
Prion
added 2023/11/22 2:15 p.m.23 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...

6.8CVSS7.3AI score0.00295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/22 1:12 p.m.29 views

CVE-2023-27633 WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...

4.3CVSS9AI score0.00295EPSS
Exploits0References1
CVE
CVE
added 2023/11/22 1:12 p.m.33 views

CVE-2023-27633

The CVE-2023-27633 entry concerns the WordPress plugin Customify (Pixelgrade) with a CSRF vulnerability in versions

8.8CVSS6.5AI score0.00295EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/06 10:15 a.m.4 views

CVE-2023-23702

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...

4.8CVSS7.3AI score0.00316EPSS
Exploits0References1
Prion
Prion
added 2023/11/06 10:15 a.m.16 views

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...

4.3CVSS6AI score0.00316EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/11/06 9:37 a.m.87 views

CVE-2023-23702

CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...

5.9CVSS4.9AI score0.00316EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/06 9:37 a.m.32 views

CVE-2023-23702 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...

5.9CVSS5.1AI score0.00316EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/06 12:0 a.m.4 views

PT-2023-19141 · Pixelgrade · Pixelgrade Comments Ratings Plugin

Name of the Vulnerable Software and Affected Versions: Pixelgrade Comments Ratings plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to...

4.8CVSS7.5AI score0.00316EPSS
Exploits0References3
Rows per page
Query Builder