87 matches found
CVE-2016-10736
CVE-2016-10736 affects the WordPress plugin Social Pug - Easy Social Share Buttons, before version 1.2.6. The vulnerability is an XSS in the wp-admin/admin.php?page=dpsp-toolkit with the dpsp_message_class parameter. Public sources (NVD entry and multiple vulnerability databases) describe it as a...
Social Share Buttons - Social Pug <= 1.2.5 - Authenticated Cross-Site Scripting (XSS)
The Grow by Mediavine WordPress plugin was affected by a Social Pug = 1.2.5 - Authenticated Cross-Site Scripting XSS security vulnerability...
WordPress Social Pug Plugin <= 1.2.5 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Social Pug Plugin <= 1.2.5 - Cross Site Scripting
This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Draft retrieval in the editor doesn't respect page or space permissions
Drafts are supposed to be per user and private but given a draft id, which should be easy to guess as they are sequential, you can access the contents of any draft, both for new and existing pages by using the following urls:...
/rest/menu/1.0/appswitcher displays data unauthenticated
"Calling" this function returns data without any authentication required: noformat curl https://support.atlassian.com/rest/menu/latest/appswitcher | python -mjson.tool % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 787 0 787 0 0 531 0...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...