EUVD-2024-27407

Malicious code in bioql PyPI...

CVE-2024-2458

The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

WordPress Powerkit plugin <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Powerkit versions = 2.9.1...

WordPress Powerkit Plugin <= 2.9.1 is vulnerable to Cross Site Scripting (XSS)

Software Powerkit Type Plugin Vulnerable versions = 2.9.1 Fixed in 2.9.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2458 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 5e0fc29651eb Credits Francesco Carlucci Required...

CVE-2024-2458 Powerkit – Supercharge your WordPress Site <= 2.9.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2024-2458

The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

CVE-2024-2458

CVE-2024-2458 affects the Powerkit – Supercharge your WordPress Site plugin for WordPress. It is a Stored XSS via shortcode attributes, present in all versions up to and including 2.9.1 due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor...

WordPress Plugin Powerkit 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-20467 · WordPress · The Powerkit – Supercharge Your Wordpress Site

Name of the Vulnerable Software and Affected Versions: The Powerkit – Supercharge your WordPress Site plugin versions up to, and including, 2.9.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping...

Powerkit – Supercharge your WordPress Site < 2.9.2 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF

The plugin does not have CSRF checks when saving or reseting its post views settings, which could allow an attacker to make a logged in admin change or reset them via a CSRF attack PoC...

Powerkit < 2.5.9 - Post Views Settings Update/Reset via CSRF

The plugin does not have CSRF checks when saving or reseting its post views settings, which could allow an attacker to make a logged in admin change or reset them via a CSRF attack...

WordPress Powerkit plugin <= 2.5.8 - Post Views Settings Update/Reset via Cross-Site Request Forgery (CSRF) vulnerability

Post Views Settings Update/Reset via Cross-Site Request Forgery CSRF vulnerability discovered by Jan w Oleju in WordPress Powerkit plugin versions = 2.5.8. Solution Update the WordPress Powerkit plugin to the latest available version at least 2.5.9...