103 matches found
WordPress plugin Portfolio 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-11867 Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-11867 Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Companion Portfolio – Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied...
CVE-2019-25221
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsportfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization a...
CVE-2024-11765 WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gsportfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization a...
WordPress plugin Portfolio 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Responsive Filterable Portfolio 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
PT-2024-34911 · Unknown · I Thirteen Web Solution Responsive Filterable Portfolio
Name of the Vulnerable Software and Affected Versions: I Thirteen Web Solution Responsive Filterable Portfolio versions 1.0.0 through 1.0.22 Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. This can...
WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)
Software Responsive Filterable Portfolio Type Plugin Vulnerable versions = 1.0.22 Fixed in 1.0.23 OWASP Top 10 A10: Server-Side Request Forgery SSRF Classification Server Side Request Forgery SSRF CVE CVE-2024-51785 Patch priority Low CVSS severity Low 4.4 Developer Claim ownership PSID...
WordPress Phlox Portfolio Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software Phlox Portfolio Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3587 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2481f1e17cc6 Credits wesley wcraft Required...
WordPress plugin Portfolio 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2014-125109
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...
Cross site scripting
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...
CVE-2014-125109
The CVE-2014-125109 entry concerns the BestWebSoft Portfolio Plugin (WordPress) up to version 2.27, specifically the function bws_add_menu_render in bws_menu/bws_menu.php. The vulnerability arises from manipulation of the bwsmn_form_email argument, enabling cross-site scripting (XSS). Exploitatio...
CVE-2014-125109 BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...
CVE-2014-125109
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bwsaddmenurender of the file bwsmenu/bwsmenu.php. The manipulation of the argument bwsmnformemail leads to cross site scripting. The attack can be...
CVE-2012-10017
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...
Cross site request forgery (csrf)
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...
CVE-2012-10017 BestWebSoft Portfolio Plugin cross-site request forgery
A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to addres...