Lucene search
+L

61 matches found

WPVulnDB
WPVulnDB
added 2024/02/09 12:0 a.m.15 views

Starbox < 3.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Job Settings

Description The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Settings user profile fields in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.5CVSS5.7AI score0.00427EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/07 5:15 a.m.5 views

CVE-2024-0256

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.4CVSS7.4AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2024/02/07 5:15 a.m.28 views

CVE-2024-0256

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00323EPSS
Exploits0References2
Prion
Prion
added 2024/02/07 5:15 a.m.18 views

Cross site scripting

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.9CVSS6AI score0.00323EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/07 4:31 a.m.15 views

CVE-2024-0256 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.8AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/07 4:31 a.m.34 views

CVE-2024-0256 Starbox <= 3.4.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Profile Display Name and Social Settings

The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2024/02/07 4:31 a.m.43 views

CVE-2024-0256

CVE-2024-0256 concerns the Starbox WordPress plugin. The vulnerability is a Stored Cross-Site Scripting (XSS) via Profile Display Name and Social Settings in all versions up to 3.4.8, caused by insufficient input sanitization and output escaping. It requires authenticated access at subscriber lev...

6.4CVSS5.6AI score0.00323EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/02/07 12:0 a.m.11 views

WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions = 3.4.8 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0256 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID dd46b4b9ae28 Credits Lucio Sá Required privileg...

6.4CVSS5.6AI score0.00323EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/02/07 12:0 a.m.13 views

WordPress Starbox Plugin <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Starbox Type Plugin Vulnerable versions = 3.4.8 Fixed in 3.5.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6806 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1adb996175e5 Credits Sh Required privilege...

6.4CVSS5.6AI score0.00427EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/02/07 12:0 a.m.6 views

WordPress Plugin Starbox Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.4CVSS6AI score0.00323EPSS
Exploits0References3
Prion
Prion
added 2024/02/05 10:16 p.m.19 views

Input validation

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

4CVSS6.9AI score0.00576EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/05 10:16 p.m.5 views

CVE-2024-0366

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

4.3CVSS5.8AI score0.00576EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/05 9:22 p.m.28 views

CVE-2024-0366 Starbox – the Author Box for Humans <= 3.4.7 - Insecure Direct Object Reference

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences...

4.3CVSS4.7AI score0.00576EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.6 views

WordPress plugin Starbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

4.3CVSS7AI score0.00576EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/01/31 12:0 a.m.13 views

WordPress Starbox Plugin <= 3.4.7 is vulnerable to Insecure Direct Object References (IDOR)

Software Starbox Type Plugin Vulnerable versions = 3.4.7 Fixed in 3.4.8 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2024-0366 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 91eab1a196aa Credits Sh Required privilege...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/31 12:0 a.m.19 views

Starbox < 3.4.8 - Subscriber+ Plugin Preferences / User Settings Access via IDOR

Description The plugin is vulnerable to Insecure Direct Object Reference via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings...

4CVSS6.7AI score0.00576EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:59 a.m.8 views

Starbox Voting - ajax.php Full Path Disclosure

The Starbox Voting WordPress plugin was affected by an ajax.php Full Path Disclosure security vulnerability...

2AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.3 views

WordPress Starbox Voting Plugin - Full Path Disclosure

Because of this vulnerability, remote users can determine the full path to the web root directory and other potentially sensitive information. Solution Update the plugin...

3.8AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2014/08/01 12:0 a.m.11 views

WordPress Starbox Voting Plugin - Full Path Disclosure

Because of this vulnerability, remote users can determine the full path to the web root directory and other potentially sensitive information. Solution Update the plugin...

3.8AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2011/02/22 12:0 a.m.61 views

HTB22840: Path disclosure in Starbox Voting wordpress plugin

Vulnerability ID: HTB22840 Reference: http://www.htbridge.ch/advisory/pathdisclosureinstarboxvotingwordpressplugin.html Product: Starbox Voting wordpress plugin Vendor: jigen.he http://www.sealedbox.cn/ Vulnerable Version: 2.0.4 Vendor Notification: 08 February 2011 Vulnerability Type: Path...

7AI score
Exploits0
Rows per page
Query Builder