WordPress WordPress Custom Sidebar Plugin <= 2.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin WordPress Custom Sidebar versions = 2.3...

WordPress Strx Magic Floating Sidebar Maker plugin <= 1.4.1 - CSRF to Stored XSS vulnerability

CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin Strx Magic Floating Sidebar Maker versions = 1.4.1...

WordPress Sidebar-Content from Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO in WordPress Plugin Sidebar-Content from Shortcode versions = 2.0...

WordPress REAL WordPress Sidebar plugin <= 0.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Mika in WordPress Plugin REAL WordPress Sidebar versions = 0.1...

WordPress plugin Sidebar-Content from Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

WordPress plugin Strx Magic Floating Sidebar Maker 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress plugin WordPress Custom Sidebar SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WordPress...

PT-2025-4995 · Unknown · Pflonk Sidebar-Content From Shortcode

Name of the Vulnerable Software and Affected Versions: pflonk Sidebar-Content from Shortcode versions prior to 2.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows DOM-Based XSS. This problem enabl...

CVE-2024-10216

The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'addsidebar' and 'removesidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticate...

WordPress WP User Manager plugin <= 2.9.11 - Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability

Missing Authorization to Carbon Fields Custom Sidebar Addition/Removal vulnerability discovered by BrokenAC ignore in WordPress Plugin WP User Manager versions = 2.9.11...

PT-2024-16120 · Unknown +1 · Wp User Manager +2

Name of the Vulnerable Software and Affected Versions: The WP User Manager – User Profile Builder & Membership plugin for WordPress versions up to, and including, 2.9.11 Description: The issue is related to a missing capability check on the add sidebar and remove sidebar functions. This allows...

CVE-2024-9885 Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-9885 Widget or Sidebar Shortcode <= 0.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Widget or Sidebar Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sidebar' shortcode in all versions up to, and including, 0.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress plugin Widget or Sidebar Shortcode 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

PT-2024-39911 · WordPress · Widget/Sidebar Shortcode

Name of the Vulnerable Software and Affected Versions: Widget or Sidebar Shortcode plugin for WordPress versions up to and including 0.6.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's 'sidebar' shortcode, allowi...

WordPress Widget or Sidebar Shortcode Plugin <= 0.6.1 is vulnerable to Cross Site Scripting (XSS)

Software Widget or Sidebar Shortcode Type Plugin Vulnerable versions = 0.6.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9885 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 103d39e3e11c Credits theviper17y...

@briza/air (>=0.1.21 <=0.1.22), @doorons/do-ui (>=1.1.3 <=1.3.6) +7 more potentially affected by CVE-2024-9440 via slim-select (=2.13.1)

slim-select NPM version =2.13.1 is affected by a known vulnerability. The following packages have a transitive dependency on slim-select and may be impacted: - @briza/air =0.1.21, =1.1.3, =0.7.0-beta.2, =0.4.0-beta.8, =4.2.6-alpha.16, =1.0.2, =2.0.0-beta.0, =1.0.9, =2.2.2 Source cves: CVE-2024-94...

AutoCMS 跨站脚本漏洞

AutoCMS is a content management system CMS from AutoCMS Open Source. It helps dealers manage their website content, online advertising, social media and analytics. A cross-site scripting vulnerability exists in AutoCMS version 5.4, which originates in an unknown section of the /admin/robot.php...

CVE-2024-44725

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...

CVE-2024-44725

AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php...