39 matches found
EUVD-2021-34251
Malicious code in bioql PyPI...
EUVD-2024-26896
Malicious code in bioql PyPI...
CVE-2024-29922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1...
CVE-2022-3074
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks...
CVE-2021-4424
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-24506
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection...
CVE-2024-29922
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1...
CVE-2024-29922 WordPress Slider Hero plugin <= 8.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1...
CVE-2024-29922 WordPress Slider Hero plugin <= 8.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Quantum Cloud Slider Hero allows Stored XSS. This issue affects Slider Hero: from n/a through 8.6.1...
CVE-2024-29922
CVE-2024-29922: Affected product is the Slider Hero WordPress plugin (Quantum Cloud Slider Hero). The issue is a Stored XSS caused by improper neutralization of input during web page generation, enabling injected scripts to persist in pages generated by Slider Hero (vulnerable up to 8.6.1). The c...
WordPress Plugin Slider Hero Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress Slider Hero Plugin <= 8.6.1 is vulnerable to Cross Site Scripting (XSS)
Software: Slider Hero; Type: Plugin; Vulnerable versions: = 8.6.1; Fixed in: 8.7.0; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29922; Patch priority: Low; CVSS severity: Low (5.9); Developer: Claim ownership; PSID: b14fdd6b236b; Credits: Jean Tirstan T; Required privilege...
CVE-2021-4424
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
Cross-site request forgery (CSRF)
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-4424
CVE-2021-4424 covers a CSRF vulnerability in the Slider Hero WordPress plugin (versions up to 8.2.0) caused by missing/incorrect nonce validation in qc_slider_hero_duplicate(). This allows unauthenticated attackers to duplicate slides via forged requests if a site admin is tricked. Affected softw...
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
WordPress Plugin Slider Hero Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2023-12537 · WordPress · Slider Hero
Name of the Vulnerable Software and Affected Versions: Slider Hero plugin for WordPress versions up to and including 8.2.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the qc slider hero duplicate function. This allows...
WordPress Slider Hero Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...