37 matches found
EUVD-2024-40615
Malicious code in bioql PyPI...
EUVD-2024-31759
Malicious code in bioql PyPI...
EUVD-2024-40616
Malicious code in bioql PyPI...
CVE-2024-3162
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget Attributes in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...
CVE-2024-1999
The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Widget's anchor style parameter in all versions up to, and including, 3.2.25 due to insufficient input sanitization and output escaping. This makes ...
CVE-2024-7390
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.1. This makes it possible for unauthenticated attackers to change the order of...
CVE-2024-43967
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43966
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43967
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43967
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43966
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43966
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43967
CVE-2024-43967 concerns the WP Testimonial Widget. The vulnerability is a stored XSS caused by improper neutralization of input during web page generation, affecting WP Testimonial Widget versions from n/a up to and including 3.1. The exploit requires an authenticated Administrator+ permission. N...
CVE-2024-43967 WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...
CVE-2024-43967 WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1...
WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hnwmn Patchstack Alliance in WordPress Plugin WP Testimonial Widget versions = 3.1...
CVE-2024-43966
CVE-2024-43966 : Vulnerability in WP Testimonial Widget (WordPress plugin) with an SQL injection caused by improper neutralization. Affected: WP Testimonial Widget from n/a to 3.1. Exposure requires authenticated access (Admin+) and currently shows as unpatched; no exploits details provided in th...
WordPress WP Testimonial Widget plugin <= 3.1 - SQL Injection vulnerability
SQL Injection vulnerability discovered by hnwmn Patchstack Alliance in WordPress Plugin WP Testimonial Widget versions = 3.1...
WordPress WP Testimonial Widget Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Testimonial Widget Type Plugin Vulnerable versions = 3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43967 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 886cd3de89e3 Credits hnwmn Required privilege Administrat...
PT-2024-30828 · WordPress · Stark Digital Wp Testimonial Widget
Name of the Vulnerable Software and Affected Versions: Stark Digital WP Testimonial Widget versions n/a through 3.1 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation...