Lucene search
K

107 matches found

RedHat Linux
RedHat Linux
added 2024/10/02 11:38 a.m.5 views

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

8.6CVSS5.8AI score0.76959EPSS
Exploits5References7
RedHat Linux
RedHat Linux
added 2024/10/01 6:35 p.m.16 views

cups: libppd: remote command injection via attacker controlled data in PPD file

A security vulnerability was found in OpenPrinting CUPS. The function ppdCreatePPDFromIPP2 in the libppd library is responsible for generating a PostScript Printer Description PPD file based on attributes retrieved from an Internet Printing Protocol IPP response. Essentially, it takes printer...

9.8CVSS5.9AI score0.62474EPSS
Exploits6References7
RedHat Linux
RedHat Linux
added 2024/10/01 6:26 p.m.4 views

cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes

A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server,...

8.6CVSS5.8AI score0.76959EPSS
Exploits5References7
OSV
OSV
added 2024/09/30 6:15 a.m.2 views

CVE-2024-8536

The Ultimate Blocks WordPress plugin before 3.2.2 does not validate and escape some of its block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2024/08/06 12:0 a.m.3 views

WordPress plugin shortcodes-ultimate-pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS6.6AI score0.00314EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/07/11 12:0 a.m.4 views

WordPress plugin Bible Text security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, WordPress is a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin...

5.4CVSS6.4AI score0.00312EPSS
Exploits1References2
OSV
OSV
added 2024/06/26 6:15 a.m.4 views

CVE-2024-5199

The Spotify Play Button WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.00356EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/06/20 12:0 a.m.4 views

WordPress plugin Responsive video embed security vulnerability

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Custom Field Suite plugin is a custom field adding plugin used in it.Media Library...

5.4CVSS6.7AI score0.00367EPSS
Exploits2References2
OSV
OSV
added 2024/06/14 6:15 a.m.5 views

CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

5.4CVSS5.8AI score0.00357EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.8 views

WordPress plugin WP Shortcodes 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.3CVSS8.6AI score0.00438EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/04/26 12:0 a.m.4 views

WordPress plugin MM-email2image 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.1CVSS8.6AI score0.00624EPSS
Exploits2References2
OSV
OSV
added 2024/03/18 7:15 p.m.5 views

CVE-2024-0711

The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

6.1CVSS5.8AI score0.00413EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.5 views

WordPress Plugin Team Members Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS6AI score0.00443EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/03/18 12:0 a.m.7 views

WordPress Plugin Jobs Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS6AI score0.00457EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/03/18 12:0 a.m.5 views

PT-2024-17948 · WordPress · Team Members

Name of the Vulnerable Software and Affected Versions: The Team Members WordPress plugin versions prior to 5.3.2 Description: The issue is related to the lack of validation and escaping of some shortcode attributes in the plugin, which could allow users with the author role and above to perform...

6.1CVSS6AI score0.00443EPSS
Exploits2References6
WPVulnDB
WPVulnDB
added 2024/02/13 12:0 a.m.20 views

Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

Description The plugin does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

8AI score0.00442EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.6 views

PT-2024-14997 · WordPress · Tj Shortcodes

Name of the Vulnerable Software and Affected Versions: TJ Shortcodes WordPress plugin versions 0.1.3 and earlier Description: The issue concerns the lack of validation and escaping of certain shortcode attributes in the TJ Shortcodes WordPress plugin, which can lead to Stored Cross-Site Scripting...

5.4CVSS5.8AI score0.00406EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.4 views

WordPress plugin TJ Shortcodes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

5.4CVSS5.9AI score0.00406EPSS
Exploits2References3
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

WordPress plugin Lana Shortcodes security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS5.9AI score0.00485EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-11917 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce WordPress plugin versions prior to 5.17.0 Description: The issue is related to the failure of the Customer Reviews for WooCommerce WordPress plugin to validate and escape some of its shortcode attributes befor...

5.4CVSS5.2AI score0.00534EPSS
Exploits1References5
Rows per page
Query Builder