EUVD-2024-36724

Malicious code in bioql PyPI...

CVE-2024-37515

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515 WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515 WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515

CVE-2024-37515 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin XPlainer – Product FAQs for WooCommerce (XPlainer – WooCommerce Product FAQ). Affected versions are 1.6.3 and earlier. The issue arises from improper neutralization of input during web page generation, ...

PT-2024-27620 · Woocommerce · Xplainer - Woocommerce Product Faq

Name of the Vulnerable Software and Affected Versions: XPlainer - WooCommerce Product FAQ versions 1.6.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS...

CVE-2024-5669

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffwactivatetemplate' function in all versions up to, and including, 1.7.0. This makes it possible for...

WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.7.0...

PT-2024-36999 · Woocommerce · Xplainer - Woocommerce Product Faq

Name of the Vulnerable Software and Affected Versions: The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin versions up to, and including, 1.6.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b5e6735c62a0 Credits...

WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.6.3...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37515 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4539c5a9e2c2 Credits LVT-tholv2k...

WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.5.0...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.3.35 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.3.35 Fixed in 1.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 9c00776efd55 Credits Rafie Muhammad...