Lucene search
K

268 matches found

Patchstack
Patchstack
added 2024/10/21 12:0 a.m.14 views

WordPress Anchor Episodes Index (Spotify for Podcasters) Plugin <= 2.1.10 is vulnerable to Cross Site Scripting (XSS)

Software Anchor Episodes Index Spotify for Podcasters Type Plugin Vulnerable versions = 2.1.10 Fixed in 2.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10189 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2a629fa9143c...

6.4CVSS5.8AI score0.00295EPSS
Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 2024/09/24 4:13 p.m.23 views

Necro Android Malware Found in Popular Camera and Browser Apps on Play Store

Altered versions of legitimate Android apps associated with Spotify, WhatsApp, and Minecraft have been used to deliver a new version of a known malware loader called Necro. Kaspersky said some of the malicious apps have also been found on the Google Play Store. They have been cumulatively...

8AI score
Exploits0
Securelist
Securelist
added 2024/09/23 10:0 a.m.28 views

How the Necro Trojan infiltrated Google Play, again

Introduction We sometimes come across modified applications when analyzing suspicious files. These are created in response to user requests for more customization options within the app or for new features that the official versions don't have. Unfortunately, it's not uncommon for popular mods to...

7.6AI score
Exploits0
Patchstack
Patchstack
added 2024/06/26 10:17 a.m.5 views

WordPress Spotify Play Button plugin <= 1.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Spotify Play Button versions = 1.0...

6.1CVSS6.1AI score0.00356EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2024/06/26 6:15 a.m.4 views

CVE-2024-5199

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00356EPSS
Exploits2References1
NVD
NVD
added 2024/06/26 6:15 a.m.28 views

CVE-2024-5199

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

6.1CVSS0.00356EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/26 6:0 a.m.16 views

CVE-2024-5199 Spotify Play Button <= 1.0 - Contributor+ Stored XSS

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00356EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/26 6:0 a.m.37 views

CVE-2024-5199 Spotify Play Button <= 1.0 - Contributor+ Stored XSS

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

0.00356EPSS
Exploits2References1
CVE
CVE
added 2024/06/26 6:0 a.m.56 views

CVE-2024-5199

CVE-2024-5199 affects Spotify Play Button WordPress plugin (

6.1CVSS5.5AI score0.00356EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/06/26 12:0 a.m.2 views

WordPress Plugin Spotify Play Button Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1CVSS6.1AI score0.00356EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/06/26 12:0 a.m.20 views

WordPress Spotify Play Button Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software Spotify Play Button Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5199 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 81b0c1de1aa9 Credits Bob Matyas Required...

6.1CVSS5.7AI score0.00356EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/26 12:0 a.m.5 views

PT-2024-35080 · Spotify · Spotify Play Button Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Spotify Play Button WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of validation and escaping of certain shortcode attributes in the plugin, which could allow users with the contributor role and above to...

6.1CVSS6AI score0.00356EPSS
Exploits2References4
wpexploit
wpexploit
added 2024/06/05 12:0 a.m.136 views

Spotify Play Button <= 1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. spotify-play...

5.9AI score0.00356EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/05 12:0 a.m.11 views

Spotify Play Button <= 1.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC spotify-play...

5.7AI score0.00356EPSS
Exploits2
CVE
CVE
added 2024/05/02 4:52 p.m.73 views

CVE-2024-2765

The CVE refers to the Ultimate Member plugin for WordPress. It is a Stored XSS vulnerability via Skype/Spotify URL parameters in versions

5.4CVSS5.7AI score0.00502EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2024/05/02 4:52 p.m.31 views

CVE-2024-2765 Ultimate Member <= 2.8.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Skype and Spotify URL parameters in all versions up to, and including, 2.8.4 due to insufficient input...

5.4CVSS5.2AI score0.00502EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/02 12:0 a.m.5 views

WordPress Plugin Ultimate Member 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

5.4CVSS5.7AI score0.00502EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.7 views

PT-2024-21981 · WordPress · The Ultimate Member – User Profile

Name of the Vulnerable Software and Affected Versions: The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting due ...

5.4CVSS5.9AI score0.00502EPSS
Exploits0References9
NVD
NVD
added 2024/03/13 9:16 p.m.31 views

CVE-2024-28193

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

6.5CVSS6.3AI score0.0064EPSS
Exploits1References1
Prion
Prion
added 2024/03/13 9:16 p.m.28 views

Design/Logic Flaw

yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify A...

4CVSS6.7AI score0.0064EPSS
Exploits1References1
Rows per page
Query Builder