WordPress List category posts plugin <= 0.89.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin List category posts versions = 0.89.6...

Essential Addons for Elementor < 5.9.14 - Unauthenticated Private/Draft Posts Access

Description The plugin is vulnerable to Sensitive Information Exposure via the loadmore function. This can allow unauthenticated attackers to extract sensitive data including private and draft posts...

WordPress List category posts Plugin <= 0.89.6 is vulnerable to Cross Site Scripting (XSS)

Software List category posts Type Plugin Vulnerable versions = 0.89.6 Fixed in 0.89.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1051 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a918041d1b8e Credits Ngô Thiên An ancor...

PT-2024-16330 · WordPress · List Category Posts Plugin

Name of the Vulnerable Software and Affected Versions: List category posts plugin for WordPress versions up to, and including, 0.89.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode due to insufficient input sanitization and output escaping on...

WordPress Plugin List category posts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

New iMessage Phishing Campaign Targets Postal Service Users Globally

By Waqas Some of the known targets of this iMessage phishing campaign are USPS the United States Postal Service, DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com Read the original post: New iMessage Phishing Campaign Targets Postal Service Users...

SUSE CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

PT-2024-20395 · WordPress · Inline Related Posts

Name of the Vulnerable Software and Affected Versions: Inline Related Posts WordPress plugin versions prior to 3.5.0 Description: The issue concerns the Inline Related Posts WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high-privilege users,...

CVE-2023-7251

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

CVE-2023-7251

CVE-2023-7251 affects the WordPress plugin User Submitted Posts (versions

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

CVE-2023-7251 WordPress User Submitted Posts plugin <= 20230901 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jeff Starr User Submitted Posts allows Stored XSS.This issue affects User Submitted Posts: from n/a through 20230901...

WordPress Plugin User Submitted Posts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

DEBIAN-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

UBUNTU-CVE-2024-29025

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The HttpPostRequestDecoder can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits ...

Meta Box < 5.9.4 - Contributor+ Arbitrary Posts' Custom Field Disclosure

Description The plugin does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts. 1. ADMIN: Install Meta Box 2. ADMIN: Add Meta Box fields through code or the premium add-on...

Newsmatic < 1.3.5 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content

Description The Newsmatic theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.0 via the 'newsmaticfilterpostsloadtabcontent'. This makes it possible for unauthenticated attackers to view draft posts and post content...

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts When logged in as a subscriber, open the following URL and note that the conten...

Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read

Description The plugin does not ensure that post content displayed via an AJAX action are accessible to the user, allowing any authenticated user, such as subscriber to retrieve the content of password protected posts PoC When logged in as a subscriber, open the following URL and note that the...

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...