74 matches found
WordPress The Ultimate WordPress Toolkit – WP Extended plugin <= 3.0.13 - Missing Authorization to Unauthenticated Post Order Manipulation vulnerability
Missing Authorization to Unauthenticated Post Order Manipulation vulnerability discovered by incognito in WordPress Plugin The Ultimate WordPress Toolkit – WP Extended versions = 3.0.13...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-49321
Missing Authorization vulnerability in Colorlib Simple Custom Post Order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through 2.5.7...
CVE-2024-49321
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
CVE-2024-49321 WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through = 2.5.7...
CVE-2024-49321
CVE-2024-49321 concerns Colorlib Simple Custom Post Order (WordPress plugin) with a Missing Authorization vulnerability in versions 2.5.7 and earlier. The issue allows broken access control at the plugin level, enabling unauthorized access due to incorrectly configured security levels (privileges...
PT-2024-33462 · Colorlib · Colorlib Simple Custom Post Order
Name of the Vulnerable Software and Affected Versions: Colorlib Simple Custom Post Order versions 2.5.7 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
WordPress Simple Custom Post Order plugin <= 2.5.7 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Simple Custom Post Order versions = 2.5.7...
WordPress Simple Custom Post Order Plugin <= 2.5.7 is vulnerable to Broken Access Control
Software Simple Custom Post Order Type Plugin Vulnerable versions = 2.5.7 Fixed in 2.5.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-49321 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0c22de4a69ef Credits Rafie Muhammad...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196 WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-27196
CVE-2024-27196 affects the WordPress plugin postMash – custom post order (versions up to and including 1.2.0). Public docs describe a Reflected XSS vulnerability in that plugin. Core details in connected sources specify affected product/version and the nature of the vulnerability (Reflected XSS);...
PT-2024-21732 · WordPress · Postmash
Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier Description: The issue is a Cross Site Scripting XSS vulnerability, specifically a Reflected XSS, in the postMash – custom post order plugin. This type of vulnerability allows an attacke...
CVE-2024-25927
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-25927 WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0...
CVE-2024-25927
CVE-2024-25927 refers to a SQL Injection vulnerability in the WordPress plugin postMash – custom post order, affecting versions up to and including 1.2.0. The issue arises from improper neutralization of elements in SQL commands (SQLi). The available connected documents confirm it is exploitable ...
WordPress Plugin postMash - custom post order SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress Plugin postMash - custom post order A SQL...
PT-2024-21220 · Postmash · Postmash
Name of the Vulnerable Software and Affected Versions: postMash – custom post order versions 1.2.0 and earlier Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as a SQL Injection vulnerability. This vulnerability affects the...