61 matches found
EUVD-2024-16162
Malicious code in bioql PyPI...
EUVD-2023-59017
Malicious code in bioql PyPI...
CVE-2024-7955
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-0366
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...
CVE-2024-0256
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2023-6806
The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Starbox plugin < 3.5.3 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Starbox versions 3.5.3...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239 Starbox < 3.5.3 - Contributor+ Stored XSS
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in certain contexts, like the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2024-8239
The CVE-2024-8239 entry concerns the Starbox WordPress plugin (versions prior to 3.5.3). Affected component: rendering of social media profile URLs in certain contexts (e.g., malicious user profile or pages using the starbox shortcode). Root cause: improper handling/rendering leads to Stored XSS ...
WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)
Software: Starbox; Type: Plugin; Vulnerable versions: 3.5.3; Fixed in: 3.5.3; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2024-8239; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 03e73e132e18; Credits: Dmitrii Ignatyev; Required privileg...
WordPress plugin Starbox cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2024-38885 · WordPress · Starbox
Name of the Vulnerable Software and Affected Versions: Starbox WordPress plugin versions prior to 3.5.3 Description: The issue concerns the improper rendering of social media profiles URLs in certain contexts, such as a malicious user's profile or pages where the starbox shortcode is used. This c...
WordPress Starbox plugin < 3.5.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Starbox versions 3.5.2...
CVE-2024-7955
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-7955 Starbox < 3.5.2 - Admin+ Stored XSS
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-7955 Starbox < 3.5.2 - Admin+ Stored XSS
The Starbox WordPress plugin before 3.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-7955
CVE-2024-7955 affects the Starbox WordPress plugin (versions prior to 3.5.2). The issue arises because the plugin does not fully sanitise/escape certain settings, enabling stored XSS by high-privilege users (e.g., Administrators) even when unfiltered_html is disallowed (such as in multisite setup...