10 matches found
EUVD-2023-33737
Malicious code in bioql PyPI...
CVE-2023-2225
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2225
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2225
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2023-2225
CVE-2023-2225 affects the SEO ALert WordPress plugin (versions 1.59 and earlier). The issue arises because the plugin does not sanitize/escape certain settings, enabling stored XSS by high-privilege users (e.g., admins), including in multisite environments. CVSS 3.1 shows 4.8 base score (MEDIUM) ...
CVE-2023-2225 SEO ALert <= 1.59 - Admin+ Stored XSS
The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
PT-2023-18386 · WordPress · Seo Alert Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: SEO ALert WordPress plugin versions 1.59 and earlier. Description: The SEO ALert WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting...
WordPress SEO ALert Plugin <= 1.5.9 is vulnerable to Cross Site Scripting (XSS)
Software: SEO ALert; Type: Plugin; Vulnerable versions: <= 1.5.9; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2225; Patch priority: Low; CVSS severity: Low (5.9); PSID: 10e4776e7e3a; Credits: N/A; Required privilege...
SEO ALert <= 1.59 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC 1. Go to Vanilla Beans » SEO Alert. 2. In...
SEO ALert <= 1.59 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to Vanilla Beans » SEO Alert. 2. In "Slack...