50 matches found
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
EUVD-2024-32601
Malicious code in bioql PyPI...
EUVD-2024-17199
Malicious code in bioql PyPI...
CVE-2024-3208
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2024-1447
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...
CVE-2024-4473
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4473 Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "aThemes: Portfolio" widget in all versions up to, and including, 1.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-4473
CVE-2024-4473 affects the Sydney Toolbox plugin for WordPress, where the Sydney Toolbox's aThemes: Portfolio widget (
WordPress Sydney Toolbox plugin <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via aThemes: Portfolio Widget vulnerability discovered by Ngô Thiên An ancorn in WordPress Plugin Sydney Toolbox versions <= 1.31...
PT-2024-31227 · WordPress · Sydney Toolbox
Name of the Vulnerable Software and Affected Versions: Sydney Toolbox plugin for WordPress versions up to, and including, 1.31. Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the "aThemes: Portfolio" widget, allowing...
WordPress Sydney Toolbox Plugin <= 1.31 is vulnerable to Cross Site Scripting (XSS)
Software: Sydney Toolbox; Type: Plugin; Vulnerable versions: <= 1.31; Fixed in: 1.32; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4473; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: f1fd3834832c; Credits: Ngô Thiên An ancorn; Require...
WordPress plugin Sydney Toolbox security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-4036
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
CVE-2024-4036 Sydney Toolbox <= 1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in all versions up to, and including, 1.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above...
CVE-2024-4036
CVE-2024-4036 concerns the Sydney Toolbox plugin for WordPress. It enables Stored Cross-Site Scripting via the style parameter in all versions up to and including 1.30. The vulnerability requires authentication with at least Contributor access and can allow injection of arbitrary scripts that exe...
PT-2024-28819 · WordPress · Sydney Toolbox
Name of the Vulnerable Software and Affected Versions: The Sydney Toolbox plugin for WordPress versions up to, and including, 1.30. Description: The issue is related to Stored Cross-Site Scripting via the style parameter due to insufficient input sanitization and output escaping. This allows...