CVE-2024-3827
The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-3828
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for authenticated...
CVE-2024-3827
The CVE-2024-3827 entry concerns the Spectra Pro WordPress plugin. A stored XSS flaw exists in all versions up to and including 1.1.4 due to insufficient input sanitization and output escaping on user-supplied block IDs/attributes. Exploitation requires at least contributor-level authentication a...
CVE-2024-3827 Spectra Pro <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs
The Spectra Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via block ids in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WordPress Spectra Pro plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Block IDs vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Spectra Pro versions <= 1.1.4...
WordPress plugin Spectra Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress Spectra Pro Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: Spectra Pro; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3827; Patch priority: Low; CVSS severity: Low 6.5; PSID: 8933f875d04c; Credits: Ngô Thiên An ancorn; Required...
WordPress plugin Spectra Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. The WordPress plugin Spectra Pro has a...
CVE-2024-3828 Spectra Pro <= 1.1.5 - Authenticated (Author+) Privilege Escalation
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for authenticated...
CVE-2024-3828
Technical details about CVE-2024-3828 are not publicly provided in the supplied documents. No additional specifics on affected versions beyond 1.1.5, root cause, or fixes are available here; monitor for updates.
WordPress Spectra Pro plugin <= 1.1.5 - Authenticated (Author+) Privilege Escalation vulnerability
Authenticated (Author+) Privilege Escalation vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Spectra Pro versions <= 1.1.5...
WordPress Spectra Pro Plugin <= 1.1.5 is vulnerable to Privilege Escalation
Software: Spectra Pro; Type: Plugin; Vulnerable versions: <= 1.1.5; Fixed in: 1.1.6; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Privilege Escalation; CVE: CVE-2024-3828; Patch priority: Low; CVSS severity: Low 7.2; PSID: e9883ee7b5f9; Credits: Ngô Thiên An...
PT-2024-27918 · WordPress · Spectra Pro
Name of the Vulnerable Software and Affected Versions: Spectra Pro plugin for WordPress versions up to and including 1.1.5
Description: The issue allows lower-privileged users to create registration forms and set the default role to administrator. This enables authenticated attackers with...
Spectra Pro < 1.1.6 - Authenticated (Author+) Privilege Escalation
Description: The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator. This makes it possible for...