Lucene search
K

56 matches found

Prion
Prion
added 2023/10/03 2:15 p.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...

6.8CVSS8.8AI score0.00208EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/03 1:29 p.m.51 views

CVE-2023-40558

CVE-2023-40558 : CSRF in the WordPress plugin “eMarket Design YouTube Video Gallery by YouTube Showcase” ( 3.3.5, with Patchstack noting fixed in 3.3.6. Other sources corroborate vulnerability details and patch guidance. If not upgrading, consider monitoring and applying vendor patch in a timely ...

8.8CVSS7.1AI score0.00208EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/03 1:29 p.m.22 views

CVE-2023-40558 WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...

5.4CVSS9AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 2022/02/28 9:15 a.m.4 views

CVE-2021-24730

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...

4.3CVSS5.9AI score
Exploits0References1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress a-staff – Team member showcase plugin for WordPress plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress a-staff – Team member showcase plugin for WordPress plugin versions = 1.2.2. Solution No patched version available...

4.6AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/11/01 12:0 a.m.4 views

WordPress 访问控制错误漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. An Access Control Error vulnerability exists in WordPress Plugins, which stems from The Logo Slider and...

6.5CVSS6.5AI score0.0083EPSS
Exploits2References1
OSV
OSV
added 2021/01/01 2:15 a.m.6 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

8.8CVSS7.4AI score0.02082EPSS
Exploits1References1
OSV
OSV
added 2021/01/01 2:15 a.m.5 views

CVE-2020-35937

Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

8CVSS7.2AI score0.01651EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/01/01 1:25 a.m.29 views

CVE-2020-35939

PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...

7.5CVSS8.8AI score0.02082EPSS
Exploits1References1
CVE
CVE
added 2021/01/01 1:25 a.m.85 views

CVE-2020-35939

CVE-2020-35939 affects the Team Showcase plugin for WordPress (and related Post Grid/Team Showcase context) with PHP Object Injection via insecure unserialization in the source parameter over AJAX when action=team_import_xml_layouts. It requires authentication (remote authenticated attacker) and ...

8.8CVSS8.6AI score0.02082EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2021/01/01 1:25 a.m.29 views

CVE-2020-35937

Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...

7.5CVSS6.8AI score0.01651EPSS
Exploits1References1
CVE
CVE
added 2021/01/01 1:25 a.m.82 views

CVE-2020-35937

CVE-2020-35937 affects the WordPress Post Grid/Team Showcase plugin: stored XSS in Team Showcase before 1.22.16 via AJAX import of layouts (team_import_xml_layouts) where the source parameter can carry crafted JavaScript. Requires authenticated access; impact is partial confidentiality/integrity/...

8CVSS6.6AI score0.01651EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2020/12/31 12:0 a.m.5 views

WordPress Team Showcase plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Team Showcase plugin before 1.22.16 for WordPress...

8CVSS5.6AI score0.01651EPSS
Exploits1References2
Patchstack
Patchstack
added 2020/10/05 12:0 a.m.10 views

WordPress Team Showcase plugin <= 1.22.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ramuel Gall Wordfence in WordPress Team Showcase plugin versions = 1.22.15. Solution Update the WordPress Team Showcase plugin to the latest available version at least 1.22.16...

2.8AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2020/10/05 12:0 a.m.11 views

WordPress Team Showcase plugin <= 1.22.15 - PHP Object Injection vulnerability

PHP Object Injection vulnerability found by Ramuel Gall Wordfence in WordPress Team Showcase plugin versions = 1.22.15. Solution Update the WordPress Team Showcase plugin to the latest available version at least 1.22.16...

2.9AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/07/07 12:0 a.m.5 views

Apache Struts (S2-048) Remote Command Execution Vulnerability

Apache Struts is an open source framework for creating enterprise Java Web applications. An S2-048 remote code execution vulnerability exists in Apache Struts2 version 2.3.x. The vulnerability exists in the Action Message class of a Showcase plugin for Struts2 and Struts1. The vulnerability exist...

9.8CVSS8.2AI score0.98931EPSS
Exploits19References1
Rows per page
Query Builder