4 matches found
WordPress Mihdan: Yandex Turbo Feed plugin <= 1.6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Mihdan: Yandex Turbo Feed versions <= 1.6.5.1...
WordPress Mihdan: Yandex Turbo Feed Plugin <= 1.6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: Mihdan: Yandex Turbo Feed; Type: Plugin; Vulnerable versions: <= 1.6.5.1; Fixed in: 1.6.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4411; Patch priority: Low; CVSS severity: Low 6.5; PSID: 7511f9588339; Credits: Peter...
CVE-2024-0610
The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
PT-2024-15687 · WordPress · Piraeus Bank Woocommerce Payment Gateway
Name of the Vulnerable Software and Affected Versions: Piraeus Bank WooCommerce Payment Gateway plugin for WordPress versions up to, and including, 1.6.5.1 Description: The issue is related to a time-based blind SQL Injection vulnerability via the MerchantReference parameter. This vulnerability i...