19 matches found
CVE-2023-45652
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5...
CVE-2024-2090
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...
EUVD-2023-49943
Malicious code in bioql PyPI...
CVE-2024-2089
The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-2090
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...
CVE-2024-2090 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery
The Remote Content Shortcode plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.5 via the remotecontent shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary...
WordPress Remote Content Shortcode plugin <= 1.5 - Authenticated (Contributor+) Server-Side Request Forgery vulnerability
Authenticated Contributor+ Server-Side Request Forgery vulnerability discovered by Francesco Carlucci in WordPress Plugin Remote Content Shortcode versions = 1.5...
PT-2024-18813 · WordPress · Remote Content Shortcode
Name of the Vulnerable Software and Affected Versions: Remote Content Shortcode plugin for WordPress versions up to, and including, 1.5 Description: The issue allows authenticated attackers with contributor-level access and above to make web requests to arbitrary locations originating from the we...
WordPress plugin Remote Content Shortcode 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Remote Content...
CVE-2024-2089 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-2089 Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remotecontent' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
PT-2024-18802 · WordPress · Remote Content Shortcode
Name of the Vulnerable Software and Affected Versions: Remote Content Shortcode plugin for WordPress versions up to, and including, 1.5 Description: The issue is related to Stored Cross-Site Scripting via the 'remote content' shortcode due to insufficient input sanitization and output escaping on...
WordPress plugin Remote Content Shortcode 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in WordPress plugin Remote Content...
WordPress Remote Content Shortcode plugin <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Francesco Carlucci in WordPress Plugin Remote Content Shortcode versions = 1.5...
WordPress Remote Content Shortcode Plugin <= 1.5 is vulnerable to Cross Site Scripting (XSS)
Software Remote Content Shortcode Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2089 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2ad325574597 Credits Francesco Carlucci...
CVE-2023-45652
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Justin Silver Remote Content Shortcode allows PHP Local File Inclusion.This issue affects Remote Content Shortcode: from n/a through 1.5...
WordPress plugin Remote Content Shortcode 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...
Remote Content Shortcode <= 1.5 - Authenticated(Contributor+) Local File Inclusion via shortcode
Description The Remote Content Shortcode plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.5 via the plugin's shortcode. This allows authenticated attackers with contributor-level privileges and above to include and execute arbitrary files on the serve...
WordPress Remote Content Shortcode Plugin <= 1.5 is vulnerable to Local File Inclusion
Software Remote Content Shortcode Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-45652 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6e56401bc4b5 Credits Mika Required privilege Contributor...