25 matches found
EUVD-2024-51575
Malicious code in bioql PyPI...
EUVD-2024-50645
Malicious code in bioql PyPI...
EUVD-2024-50747
Malicious code in bioql PyPI...
CVE-2024-12291
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
CVE-2024-12170
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...
CVE-2024-13394
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13394 ViewMedica 9 <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13394 ViewMedica 9 <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13394
The CVE-2024-13394 vulnerability affects the ViewMedica 9 WordPress plugin (affected version range: all versions up to and including 1.4.15). The issue is Stored Cross-Site Scripting via the plugin’s viewmedica shortcode, caused by insufficient input sanitization and output escaping on user-suppl...
WordPress plugin ViewMedica cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-2151 · WordPress · Viewmedica
Name of the Vulnerable Software and Affected Versions: ViewMedica 9 plugin for WordPress versions up to, and including, 1.4.15 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode due to insufficient input sanitization and output escaping on...
WordPress ViewMedica 9 plugin <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin ViewMedica 9 versions <= 1.4.15...
CVE-2024-12291
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
CVE-2024-12291
CVE-2024-12291 : The ViewMedica 9 WordPress plugin is vulnerable to Cross-Site Request Forgery that leads to a Reflected Cross-Site Scripting condition in all versions up to 1.4.15. The root cause is missing or incorrect nonce validation on a function, enabling unauthenticated attackers to induce...
CVE-2024-12291 ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
CVE-2024-12291 ViewMedica 9 <= 1.4.17 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.17. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged...
CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...
CVE-2024-12170 ViewMedica Embed <= 1.4.15 - Cross-Site Request Forgery to SQL Injection
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries...
CVE-2024-12170
CVE-2024-12170 affects ViewMedica 9 WordPress plugin (versions up to 1.4.15). The vulnerability is a Cross-Site Request Forgery (CSRF) on the Viewmedica-Admin page that enables unauthenticated attackers to cause the system to accept forged requests. This can allow an admin-facing action to trigge...
PT-2025-1769 · WordPress · Viewmedica
Name of the Vulnerable Software and Affected Versions: ViewMedica 9 plugin for WordPress versions up to, and including, 1.4.15 Description: The issue is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page, making it possible for unauthenticated attackers to inject arbitrar...