EUVD-2023-28036

Malicious code in bioql PyPI...

CVE-2023-23972

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...

CVE-2023-0177

The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.41 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

CVE-2024-5224

The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-5224 Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes...

CVE-2024-5224 Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes...

WordPress Easy Social Like Box plugin <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Easy Social Like Box – Popup – Sidebar Widget versions = 4.0...

WordPress Easy Social Like Box – Popup – Sidebar Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Easy Social Like Box – Popup – Sidebar Widget Type Plugin Vulnerable versions = 4.0 Fixed in 4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5224 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 595d5823e3e8 Credit...

Easy Social Like Box – Popup – Sidebar Widget <= 4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Easy Social Like Box – Popup – Sidebar Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cardozafacebooklikebox' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied...

CVE-2023-23972

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...

Cross site scripting

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin = 0.8.39 versions...

CVE-2023-23972

CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...

WordPress plugin Social Like Box and Page by WpDevArt 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2023-19327 · Wpdevart · Smplug-In Social Like Box/Page By Wpdevart

Name of the Vulnerable Software and Affected Versions: Smplug-in Social Like Box and Page by WpDevArt plugin versions 0.8.39 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For...

WordPress plugin Social Like Box and Page by WpDevArt 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

WordPress Social Like Box and Page by WpDevArt Plugin < 0.8.41 is vulnerable to Cross Site Scripting (XSS)

Software Social Like Box and Page by WpDevArt Type Plugin Vulnerable versions 0.8.41 Fixed in 0.8.41 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0177 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID ef846e0a5f6e Credi...

Social Like Box and Page by WpDevArt < 0.8.41 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC wpdevartlikebox height='"...

WordPress Social Like Box and Page by WpDevArt Plugin <= 0.8.39 is vulnerable to Cross Site Scripting (XSS)

Software Social Like Box and Page by WpDevArt Type Plugin Vulnerable versions = 0.8.39 Fixed in 0.8.40 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-23972 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 64595d0f3f2d Credits...

Cardoza Facebook Like Box < 2.8.3 - Multiple CSRF

The Easy Social Like Box – Popup – Sidebar Widget WordPress plugin was affected by a Multiple CSRF security vulnerability...