134 matches found
CVE-2024-1288
CVE-2024-1288 affects the Schema & Structured Data for WP & AMP WordPress plugin. The vulnerability is due to a missing capability check in the saswp_reviews_form_render function, allowing authenticated attackers with Contributor+ access to modify stored reCaptcha site/secret keys, potentially br...
CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...
CVE-2024-1288 Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification
The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswpreviewsformrender' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with...
CVE-2024-1586
CVE-2024-1586 affects the WordPress plugin “Schema & Structured Data for WP & AMP”. All versions up to and including 1.26 are affected due to insufficient input sanitization and output escaping in the custom schema, enabling a stored XSS via authenticated access. By default, authentication is at ...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Cross Site Scripting (XSS)
Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.26 Fixed in 1.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1586 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID d223b483272f Credits Sh...
WordPress Schema & Structured Data for WP & AMP Plugin <= 1.26 is vulnerable to Broken Access Control
Software Schema & Structured Data for WP & AMP Type Plugin Vulnerable versions = 1.26 Fixed in 1.27 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1288 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID aef94ec88b0d Credits Ngô Thiên ...
Nemesis - An Offensive Data Enrichment Pipeline
Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...
CVE-2023-51677
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23...
CVE-2023-51677
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23...
CVE-2023-51677 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23...
CVE-2023-51677
CVE-2023-51677 is a Stored Cross-Site Scripting vulnerability in the WordPress plugin Schema & Structured Data for WP & AMP . Root cause: improper input neutralization during web page generation. Affected versions:
CVE-2023-51677 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.23 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.23...
WordPress plugin Schema & Structured Data for WP & AMP Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2024-22146
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
CVE-2024-22146
CVE-2024-22146 affects the WordPress plugin Schema & Structured Data for WP & AMP (Magazine3) — versions up to and including 1.25. The root cause is improper input neutralization during web page generation, enabling Stored XSS. A fix exists in version 1.26. Public exploitation details are not pro...
CVE-2024-22146 WordPress Schema & Structured Data for WP & AMP Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25...
WordPress plugin Schema & Structured Data for WP & AMP 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...