58 matches found
CVE-2024-3597 Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect URL supplied via the rcexportedzipfile parameter. This makes it possible for unauthenticated attackers to...
WordPress plugin Export WP Page to Static HTML/CSS security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exist...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.2.2 is vulnerable to Open Redirection
Software: Export WP Page to Static HTML/CSS; Type: Plugin; Vulnerable versions: <= 2.2.2; Fixed in: 2.2.3; OWASP Top 10: A1: Injection; Classification: Open Redirection; CVE: CVE-2024-3597; Patch priority: Low; CVSS severity: Low 4.7; PSID: 938d3f0380c6; Credits: Krzysztof Zając; Required...
CVE-2023-6369
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with...
WordPress Plugin Export WP Page to Static HTML/CSS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Broken Access Control
Software: Export WP Page to Static HTML/CSS; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-6369; Patch priority: Low; CVSS severity: Low 5.4; PSID: fad061a3db6e; Credits: Alex Thomas...
CVE-2023-31077
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions...
CVE-2023-31077 WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions...
PT-2023-23139 · WordPress · Recorp Export Wp Page To Static Html/Css
Name of the Vulnerable Software and Affected Versions: ReCorp Export WP Page to Static HTML/CSS plugin versions <= 2.1.9. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that t...
WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Export WP Page to Static HTML/CSS; Type: Plugin; Vulnerable versions: <= 2.1.9; Fixed in: 2.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-31077; Patch priority: Low; CVSS severity: Low 4.3; PSID: 3a34d8e80f8d; Credits...
PYSEC-2023-229
ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...
GHSA-CR45-98W9-GWQX Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Impact: Any users who are using the wget or dom extractors and view the content they output. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious JS...
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Impact: Any users who are using the wget or dom extractors and view the content they output. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to target your ArchiveBox instance. Malicious JS...
PT-2023-29705 · Unknown +1 · Archivebox +1
Name of the Vulnerable Software and Affected Versions: ArchiveBox (affected versions not specified). Description: The issue affects users of the wget extractor who view the content it outputs. If a user is logged in to the ArchiveBox admin site in the same browser session and views an archived...
SUSE CVE-2017-5453
A mechanism to inject static HTML into the RSS reader preview page due to a failure to escape characters sent as URL parameters for a feed's "TITLE" element. This vulnerability allows for spoofing but no scripted content can be run. This vulnerability affects Firefox 53...
[SECURITY] Fedora 36 Update: hugo-0.93.3-6.fc36
Hugo is a static HTML and CSS website generator written in Go. It is optimized for speed, easy use and configurability. Hugo takes a directory with content and templates and renders them into a full HTML website...
CVE-2022-35630
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2...