CVE-2024-51671 WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through = 3.0.3...

CVE-2024-51671

CVE-2024-51671 is a real missing-authorization problem in the WordPress plugin Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE (versions up to and including 3.0.3). The flaw constitutes a Broken Access Control / Missing Authorization vulnerability that could allow unautho...

CVE-2024-51671 WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle Otter - Gutenberg Block otter-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through = 3.0.3...

CVE-2024-47325

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle MPG multiple-pages-generator-by-porthas allows SQL Injection.This issue affects MPG: from n/a through = 3.4.7...

CVE-2024-47325

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7...

CVE-2024-47325

CVE-2024-47325 corresponds to a SQL Injection in the WordPress plugin Multiple Page Generator Plugin – MPG (versions

CVE-2024-47325 WordPress Multiple Page Generator Plugin – MPG plugin <= 3.4.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeisle Multiple Page Generator Plugin – MPG allows SQL Injection.This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.7...

CVE-2024-7778

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

CVE-2024-7778

CVE-2024-7778 affects Orbit Fox by ThemeIsle for WordPress. It is a Stored XSS via SVG file uploads in all versions up to and including 2.10.36 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Author level or higher, and injected scripts ex...

CVE-2024-7778 Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.10.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access...

WordPress Orbit Fox by ThemeIsle plugin <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by wesley wcraft in WordPress Plugin Orbit Fox by ThemeIsle versions = 2.10.36...

WordPress plugin Orbit Fox by ThemeIsle 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.36 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.36 Fixed in 2.10.37 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7778 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID cd6e92d6eaf7 Credits wesley wcraft...

CVE-2024-2484

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

CVE-2024-2484 Orbit Fox by ThemeIsle <= 2.10.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via Services and Post Type Grid Widgets

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wi...

WordPress plugin Orbit Fox by ThemeIsle security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

WordPress Orbit Fox by ThemeIsle Plugin <= 2.10.34 is vulnerable to Cross Site Scripting (XSS)

Software Orbit Fox by ThemeIsle Type Plugin Vulnerable versions = 2.10.34 Fixed in 2.10.35 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2484 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 507ddf38e324 Credits wesley wcraft...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...