92 matches found
CVE-2024-54417
Missing Authorization vulnerability in pixelgrade PixProof pixproof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through = 2.0.1...
PT-2024-36305 · Pixelgrade · Pixproof
Name of the Vulnerable Software and Affected Versions: Pixelgrade PixProof versions prior to 2.0.1 Description: The issue is related to a missing authorization vulnerability in Pixelgrade PixProof, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This...
CVE-2024-8241
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8241 Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute
The Nova Blocks by Pixelgrade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' attribute of the 'wp:separator' Gutenberg block in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-8241
Nova Blocks by Pixelgrade for WordPress is affected by a Stored XSS in the wp:separator Gutenberg block via the align attribute, affecting versions up to 2.1.7. Root cause: insufficient input sanitization and output escaping of user-supplied attributes. Impact: authenticated attackers with contri...
WordPress Nova Blocks by Pixelgrade plugin <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via align Attribute vulnerability discovered by Francesco Carlucci in WordPress Plugin Nova Blocks versions = 2.1.7...
WordPress plugin Nova Blocks by Pixelgrade 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
WordPress Nova Blocks by Pixelgrade Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Nova Blocks by Pixelgrade Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8241 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1f5ae0b10869 Credits Francesco...
CVE-2023-27633
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...
CVE-2023-27633
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...
CVE-2023-27633 WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Pixelgrade Customify – Intuitive Website Styling plugin = 2.10.4 versions...
CVE-2023-27633
The CVE-2023-27633 entry concerns the WordPress plugin Customify (Pixelgrade) with a CSRF vulnerability in versions
CVE-2023-23702
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
CVE-2023-23702
CVE-2023-23702 is a stored XSS vulnerability in the Pixelgrade Comments Ratings WordPress plugin (versions ≤ 1.1.7) exploitable by users with admin+ privileges. The issue permits injection of malicious scripts via the plugin’s input surface and is rated medium by CVSS (base 4.8–4.9 in sources). P...
CVE-2023-23702 WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pixelgrade Comments Ratings plugin = 1.1.7 versions...
PT-2023-19141 · Pixelgrade · Pixelgrade Comments Ratings Plugin
Name of the Vulnerable Software and Affected Versions: Pixelgrade Comments Ratings plugin versions prior to 1.1.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with admin+ authentication. This type of vulnerability allows an attacker to...