Lucene search
K

27 matches found

Vulnrichment
Vulnrichment
added 2024/10/04 2:4 a.m.8 views

CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS6.4AI score0.00364EPSS
Exploits0References3
CVE
CVE
added 2024/10/04 2:4 a.m.47 views

CVE-2024-9353

CVE-2024-9353 affects Popularis Extra (WordPress) up to version 1.2.6. The flaw is a Reflected XSS caused by improper escaping when using add_query_arg/remove_query_arg in the URL, exploitable by unauthenticated attackers who lure a user to perform an action. A fix exists in version 1.2.7 (and la...

6.1CVSS6.3AI score0.00364EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/04 2:4 a.m.24 views

CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting

The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1CVSS0.00364EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/10/04 1:19 a.m.3 views

WordPress Popularis Extra plugin <= 1.2.6 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Popularis Extra versions = 1.2.6...

6.1CVSS6.3AI score0.00364EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/04 12:0 a.m.19 views

WordPress Popularis Extra Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)

Software Popularis Extra Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9353 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a36990b7c214 Credits vgo0 Required...

6.1CVSS5.9AI score0.00364EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.8 views

WordPress plugin Popularis Extra 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1CVSS6.2AI score0.00364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.5 views

PT-2024-39588 · WordPress · Popularis Extra

Name of the Vulnerable Software and Affected Versions: Popularis Extra plugin for WordPress versions up to, and including, 1.2.6 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg and remove query arg without appropriate escaping on the URL. This...

6.1CVSS6.8AI score0.00364EPSS
Exploits0References8
Rows per page
Query Builder